Iexplore keeps replicating - eats up memory

Status
Not open for further replies.
E

E140714

New member
My Lenovo thinkpad has acquired a virus that makes it essentially unusable. I ave to keep Task Manager open and keep killing the process to keep memory usae from going up to 95-97% and freezing the computer. I need some help, please. Thank you in advance.

I ran several malware removal tools and anti-spyware, including spy-bot and anti-malware and removed a lot of junk, but none have eliminated this problem.

I ran the ERUNT program per the instructions. I think it ran okay.

I ran the DDS program. It did NOT generate te DDS.txt report, only attach.txt, which is zipped and attached.

I ran the aswMBR program three different times because it would freeze after about 8 minutes. I waited about 20 minutes before stopping the scan and saving the log. The freeze point seemed to be at
scanning:C:\Users\admin\App Data\Local\Microsoft\Toolbar\Backup\wlextension.dll

The aswMBR.txt file is below:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-14 20:36:24
-----------------------------
20:36:24.558 OS Version: Windows x64 6.1.7601 Service Pack 1
20:36:24.558 Number of processors: 4 586 0x2505
20:36:24.628 ComputerName: ADMIN-THINK UserName: admin
20:36:31.418 Initialize success
20:36:31.498 VM: initialized successfully
20:36:31.618 VM: Intel CPU BiosDisabled
20:36:41.040 VM: supported disk I/O iaStor.sys
20:42:08.575 AVAST engine defs: 14071401
20:42:29.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:42:29.510 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:42:30.353 Disk 0 MBR read successfully
20:42:30.353 Disk 0 MBR scan
20:42:30.415 Disk 0 Windows VISTA default MBR code
20:42:30.431 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:42:30.431 Disk 0 Boot: NTFS code=1
20:42:30.462 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:42:30.493 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:42:31.101 Disk 0 scanning C:\Windows\system32\drivers
20:43:13.903 Service scanning
20:44:04.750 Modules scanning
20:44:04.750 Disk 0 trace - called modules:
20:44:04.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys hal.dll
20:44:04.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c51060]
20:44:04.797 3 CLASSPNP.SYS[fffff88001b8043f] -> nt!IofCallDriver -> [0xfffffa800491ec90]
20:44:04.797 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494b050]
20:44:08.073 AVAST engine scan C:\Windows
20:44:13.033 AVAST engine scan C:\Windows\system32
20:47:55.371 AVAST engine scan C:\Windows\system32\drivers
20:48:13.629 AVAST engine scan C:\Users\admin
20:58:51.294 Scan stopped
20:58:57.160 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:58:57.175 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:58:57.253 Disk 0 MBR read successfully
20:58:57.269 Disk 0 MBR scan
20:58:57.269 Disk 0 Windows VISTA default MBR code
20:58:57.285 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:58:57.300 Disk 0 Boot: NTFS code=1
20:58:57.316 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:58:57.347 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:58:57.363 Disk 0 scanning C:\Windows\system32\drivers
20:58:57.363 Service scanning
20:59:57.683 Modules scanning
20:59:57.683 Disk 0 trace - called modules:
20:59:57.713 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys hal.dll
20:59:57.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c51060]
20:59:57.729 3 CLASSPNP.SYS[fffff88001b8043f] -> nt!IofCallDriver -> [0xfffffa800491ec90]
20:59:57.729 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494b050]
21:00:01.317 AVAST engine scan C:\Windows
21:00:08.118 AVAST engine scan C:\Windows\system32
21:03:39.405 AVAST engine scan C:\Windows\system32\drivers
21:03:55.130 AVAST engine scan C:\Users\admin
21:37:21.353 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
21:37:21.431 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-15 20:23:47
-----------------------------
20:23:47.436 OS Version: Windows x64 6.1.7601 Service Pack 1
20:23:47.436 Number of processors: 4 586 0x2505
20:23:47.436 ComputerName: ADMIN-THINK UserName: admin
20:23:54.627 Initialize success
20:23:54.643 VM: initialized successfully
20:23:54.674 VM: Intel CPU BiosDisabled
20:24:08.248 VM: supported disk I/O iaStor.sys
20:24:43.063 AVAST engine defs: 14071401
20:24:53.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:24:53.367 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:24:53.539 Disk 0 MBR read successfully
20:24:53.539 Disk 0 MBR scan
20:24:53.555 Disk 0 Windows VISTA default MBR code
20:24:53.555 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:24:53.570 Disk 0 Boot: NTFS code=1
20:24:53.601 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:24:53.648 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:24:53.695 Disk 0 scanning C:\Windows\system32\drivers
20:25:05.130 Service scanning
20:26:00.486 Modules scanning
20:26:00.486 Disk 0 trace - called modules:
20:26:00.517 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys
20:26:00.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c92060]
20:26:00.533 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> [0xfffffa800492de40]
20:26:00.548 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
20:26:04.105 AVAST engine scan C:\Windows
20:26:09.035 AVAST engine scan C:\Windows\system32
20:30:31.360 AVAST engine scan C:\Windows\system32\drivers
20:30:49.737 AVAST engine scan C:\Users\admin
20:43:26.480 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
20:43:26.730 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-15 20:23:47
-----------------------------
20:23:47.436 OS Version: Windows x64 6.1.7601 Service Pack 1
20:23:47.436 Number of processors: 4 586 0x2505
20:23:47.436 ComputerName: ADMIN-THINK UserName: admin
20:23:54.627 Initialize success
20:23:54.643 VM: initialized successfully
20:23:54.674 VM: Intel CPU BiosDisabled
20:24:08.248 VM: supported disk I/O iaStor.sys
20:24:43.063 AVAST engine defs: 14071401
20:24:53.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:24:53.367 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:24:53.539 Disk 0 MBR read successfully
20:24:53.539 Disk 0 MBR scan
20:24:53.555 Disk 0 Windows VISTA default MBR code
20:24:53.555 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:24:53.570 Disk 0 Boot: NTFS code=1
20:24:53.601 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:24:53.648 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:24:53.695 Disk 0 scanning C:\Windows\system32\drivers
20:25:05.130 Service scanning
20:26:00.486 Modules scanning
20:26:00.486 Disk 0 trace - called modules:
20:26:00.517 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys
20:26:00.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c92060]
20:26:00.533 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> [0xfffffa800492de40]
20:26:00.548 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
20:26:04.105 AVAST engine scan C:\Windows
20:26:09.035 AVAST engine scan C:\Windows\system32
20:30:31.360 AVAST engine scan C:\Windows\system32\drivers
20:30:49.737 AVAST engine scan C:\Users\admin
20:43:26.480 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
20:43:26.730 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
20:44:18.214 Scan stopped
20:44:22.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:44:22.971 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:44:23.059 Disk 0 MBR read successfully
20:44:23.064 Disk 0 MBR scan
20:44:23.164 Disk 0 Windows VISTA default MBR code
20:44:23.184 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:44:23.206 Disk 0 Boot: NTFS code=1
20:44:23.229 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:44:23.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:44:23.319 Disk 0 scanning C:\Windows\system32\drivers
20:44:23.324 Service scanning
20:45:21.116 Modules scanning
20:45:21.116 Disk 0 trace - called modules:
20:45:21.147 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys hal.dll
20:45:21.147 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c92060]
20:45:21.147 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> [0xfffffa800492de40]
20:45:21.147 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
20:45:28.870 AVAST engine scan C:\Windows
20:46:25.708 AVAST engine scan C:\Windows\system32
20:51:01.970 AVAST engine scan C:\Windows\system32\drivers
20:51:22.950 AVAST engine scan C:\Users\admin
21:14:45.336 Scan stopped
21:15:08.042 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
21:15:08.092 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
 

Attachments

:snwelcome:


First open up Malwarebytes and go to the History Tab > Quarantine Files and open the last one you ran that removed those entries and when it opens copy to clipboard and post it here please, so I can see what it removed and may get a better picture of whats going on.

Try running this program instead of DDS, it will show us more

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
Malware Quarantine and Farbar files Part 1

Here are the requested files

Malware scan history from 7/12/2014 (I also ran the program earlier and can send a file from 7/6/14 if needed.)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/12/2014
Scan Time: 12:33:45 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.12.05
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307447
Time Elapsed: 18 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Adpeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs64, No Action By User, [cdd8782699e29e9856507a98ad57a15f],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, No Action By User, [4362c7d74f2c91a501622da029d956aa],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\rrsavings, No Action By User, [b6efcfcf186387afec75ede0da28d12f],
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, No Action By User, [aff63a646813f541184415deac57be42],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3773765143-1762522670-3504364941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\rrsavings, No Action By User, [5b4a544ab1ca9a9ce08603ca27dbec14],
Adware.Adpeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs64, Quarantined, [7530a9f5bebddc5a3900f0954db71ce4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings, No Action By User, [a401bde1bac1b28429126c3dff038779],

Files: 7
PUP.Optional.Trovi.A, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l4htek0o.default\searchplugins\trovi-search.xml, No Action By User, [b4f119853d3eb77f27f6eeda59a9c040],
PUP.Optional.Adpeak.A, C:\Program Files\002\yewimmxqbs64.exe, No Action By User, [cdd8782699e29e9856507a98ad57a15f],
PUP.Optional.RRSavings.A, C:\Program Files\rrsavings\uninstaller.exe, No Action By User, [a401bde1bac1b28429126c3dff038779],
PUP.Optional.Trovi.A, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l4htek0o.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD64D040E-6849-4FC2-B545-01AC5DF05EED&SearchSource=55&CUI=&UM=6&UP=SP5B861986-9E69-429F-86B4-65C97A6D8774&SSPV=");), No Action By User,[7d28910dea914ee885829933eb1956aa]
PUP.Optional.Trovi.A, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l4htek0o.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD64D040E-6849-4FC2-B545-01AC5DF05EED&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP5B861986-9E69-429F-86B4-65C97A6D8774");), No Action By User,[e2c3b2ec2e4d8babb55321ab93710af6]
Adware.Adpeak, C:\Program Files\002\yewimmxqbs64.exe, Quarantined, [7530a9f5bebddc5a3900f0954db71ce4],
Trojan.Zbot.FWI, C:\Users\admin\Downloads\Label_US_Centreville_20120.zip, Quarantined, [cbdae8b6fd7ef0464f5a76229f6211ef],

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by admin (administrator) on ADMIN-THINK on 20-07-2014 08:17:15
Running from C:\Users\admin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Storage Appliance Corporation) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => TpShocks.exe
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3773765143-1762522670-3504364941-1000\...\Run: [SacReminderHDDV2N] => C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corp.)
HKU\S-1-5-21-3773765143-1762522670-3504364941-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {2B6C10C8-5EC9-4107-BA39-7E45AEF4A2E0} URL =
SearchScopes: HKCU - {3707A5F0-5A75-4210-92B3-C15DB38BB05F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {457AF9A6-E74D-46E0-8D50-2618AD74994C} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l4htek0o.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: RivalGaming - C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-07-20]
FF Extension: VideoDownloadConverter - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l4htek0o.default\Extensions\4zffxtbr-bs@VideoDownloadConverter_4z.com [2014-05-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-03-06]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 CFUACProxy_officeguardianv2n; C:\ProgramData\OfficeGuardianV2N\UACProxy.exe [83792 2010-11-18] (Storage Appliance Corp.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation)
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-03-15] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 08:13 - 2014-07-20 08:13 - 01080320 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2014-07-15 20:20 - 2014-07-15 20:20 - 00000773 _____ () C:\Users\admin\Desktop\attach.zip
2014-07-14 21:37 - 2014-07-15 21:15 - 00009420 _____ () C:\Users\admin\Desktop\aswMBR.txt
2014-07-14 21:37 - 2014-07-15 21:15 - 00000512 _____ () C:\Users\admin\Desktop\MBR.dat
2014-07-14 20:30 - 2014-07-15 20:14 - 00001190 _____ () C:\Users\admin\Desktop\attach.txt
2014-07-14 20:27 - 2014-07-14 19:28 - 00688992 ____R (Swearware) C:\Users\admin\Desktop\dds.com
2014-07-14 20:26 - 2014-07-14 20:08 - 05185536 _____ (AVAST Software) C:\Users\admin\Desktop\aswMBR.exe
2014-07-14 20:08 - 2014-07-14 20:08 - 05185536 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe
2014-07-14 19:28 - 2014-07-14 19:28 - 00688992 _____ (Swearware) C:\Users\admin\Downloads\dds.com
2014-07-14 19:25 - 2014-07-14 19:25 - 00000956 _____ () C:\Users\admin\Desktop\ERUNT.lnk
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-14 19:22 - 2014-07-14 19:20 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Desktop\erunt-setup.exe
2014-07-14 19:20 - 2014-07-14 19:20 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Downloads\erunt-setup.exe
2014-07-13 13:10 - 2014-07-13 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 11:30 - 2014-07-02 01:29 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-13 11:30 - 2014-07-02 01:21 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-13 11:30 - 2014-07-02 01:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-13 11:30 - 2014-07-02 01:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-13 11:29 - 2014-07-13 11:30 - 00004158 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-13 10:32 - 2014-07-13 10:32 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-13 10:32 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-13 10:30 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-13 10:30 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-13 10:30 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-13 10:20 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-13 10:19 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-13 10:19 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-13 10:19 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-13 10:19 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 10:19 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 10:19 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-13 10:19 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 10:19 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 10:19 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-13 10:19 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-13 10:19 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-13 10:19 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 10:19 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-13 10:19 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 10:19 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 10:19 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-13 10:19 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-13 10:19 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-13 10:19 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-13 10:19 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 10:19 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-13 10:19 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-13 10:19 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-13 10:19 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 10:19 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 10:19 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 10:19 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-13 10:19 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-13 10:19 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-13 10:19 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-13 10:19 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-13 10:19 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 10:19 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-13 10:19 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-13 10:19 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-13 10:19 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 10:19 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-13 10:19 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-13 10:19 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-13 10:19 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-13 10:19 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-13 10:19 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-13 10:19 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-13 10:19 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-13 10:19 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 10:19 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-13 10:19 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-13 10:19 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 10:19 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-13 10:19 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-13 10:19 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-13 10:19 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-13 10:19 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 10:19 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-13 10:19 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-13 10:19 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-13 10:19 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-13 10:19 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-13 10:19 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-13 10:19 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 10:19 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 10:19 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-13 10:19 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 19:18 - 2014-07-12 19:49 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2014-07-12 19:18 - 2014-07-12 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 19:15 - 2014-07-12 19:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.07.0.1012.exe
2014-07-12 19:12 - 2014-07-12 19:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.07.0.1012.exe
2014-07-12 18:52 - 2014-07-12 18:53 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-12 15:09 - 2014-07-12 15:19 - 00000000 ____D () C:\ComboFix
2014-07-12 14:54 - 2014-07-12 14:52 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-07-12 14:53 - 2014-07-12 14:52 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-07-12 13:04 - 2014-07-20 08:16 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion
2014-07-12 12:56 - 2014-07-13 11:25 - 00004802 _____ () C:\Windows\PFRO.log
2014-07-11 22:52 - 2014-07-20 06:01 - 00252315 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 22:33 - 2014-07-20 05:17 - 00000336 _____ () C:\Windows\setupact.log
2014-07-11 22:33 - 2014-07-11 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 22:23 - 2014-07-11 22:23 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 22:42 - 2014-07-12 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-10 22:42 - 2014-07-12 18:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-10 21:52 - 2014-07-10 21:52 - 00000000 ____D () C:\SUPERDelete
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da46279b-4a98-420f-933d-ee03bb02b2b1.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c6675572-512e-43c2-b0cc-dfb9efd7f5e0.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2014-07-10 21:46 - 2014-07-10 22:07 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-10 21:46 - 2014-07-10 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-10 21:46 - 2014-07-10 21:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-10 21:46 - 2014-07-10 21:46 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-10 21:44 - 2014-07-10 21:40 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Desktop\ccsetup415.exe
2014-07-10 21:43 - 2014-07-10 21:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Desktop\spybot-2.4.exe
2014-07-10 21:43 - 2014-07-10 21:32 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Desktop\SUPERAntiSpyware.exe
2014-07-10 21:40 - 2014-07-10 21:40 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup415.exe
2014-07-10 21:38 - 2014-07-10 21:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Downloads\spybot-2.4.exe
2014-07-10 21:32 - 2014-07-10 21:32 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Downloads\SUPERAntiSpyware.exe
2014-07-10 21:15 - 2014-07-10 21:15 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill64.exe
2014-07-10 21:01 - 2014-07-10 21:21 - 00001420 _____ () C:\Users\admin\Desktop\Rkill.txt
2014-07-10 21:01 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.exe
2014-07-10 21:00 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe
2014-07-10 20:59 - 2014-07-10 20:57 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.com
2014-07-10 20:57 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.com
2014-07-10 20:00 - 2014-07-10 20:00 - 00000000 ____D () C:\Windows\pss
2014-07-10 19:44 - 2014-07-10 19:43 - 00929416 _____ (CNET Download.com) C:\Users\admin\Desktop\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-10 19:43 - 2014-07-10 19:43 - 00929416 _____ (CNET Download.com) C:\Users\admin\Downloads\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-08 20:12 - 2014-07-08 20:14 - 00036020 _____ () C:\Users\admin\Desktop\Addition.txt
2014-07-08 20:00 - 2014-07-20 08:17 - 00016413 _____ () C:\Users\admin\Desktop\FRST.txt
2014-07-08 19:58 - 2014-07-20 08:18 - 00000000 ____D () C:\FRST
2014-07-08 19:56 - 2014-07-20 08:16 - 02089984 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-07-08 19:53 - 2014-07-08 19:53 - 02084352 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-07-08 19:19 - 2014-07-08 19:18 - 01348263 _____ () C:\Users\admin\Desktop\adwcleaner_3.215.exe
2014-07-08 19:18 - 2014-07-08 19:18 - 01348263 _____ () C:\Users\admin\Downloads\adwcleaner_3.215.exe
2014-07-08 19:15 - 2014-07-06 15:54 - 04707328 _____ () C:\Users\admin\Desktop\RogueKiller.exe
2014-07-06 21:04 - 2014-07-12 14:58 - 05218570 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2014-07-06 16:05 - 2014-07-20 08:14 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-07-06 16:04 - 2014-07-06 16:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-06 10:00 - 2014-07-06 11:36 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Luqyva
2014-07-06 09:50 - 2014-07-20 07:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 09:47 - 2014-07-06 09:47 - 00001153 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 09:38 - 2014-07-06 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 09:37 - 2014-07-12 19:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 09:37 - 2014-07-06 09:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 09:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 09:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 08:57 - 2014-07-06 08:57 - 00000000 ____D () C:\found.000
2014-07-05 21:46 - 2014-07-06 07:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Geyhar
2014-07-05 18:07 - 2014-07-05 18:08 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Ikysid
2014-07-05 15:21 - 2014-07-05 18:06 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Suukyw

==================== One Month Modified Files and Folders =======

2014-07-20 08:18 - 2014-07-08 20:00 - 00016413 _____ () C:\Users\admin\Desktop\FRST.txt
2014-07-20 08:18 - 2014-07-08 19:58 - 00000000 ____D () C:\FRST
2014-07-20 08:16 - 2014-07-12 13:04 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion
2014-07-20 08:16 - 2014-07-08 19:56 - 02089984 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-07-20 08:15 - 2010-12-18 13:11 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-20 08:14 - 2014-07-06 16:05 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-07-20 08:13 - 2014-07-20 08:13 - 01080320 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2014-07-20 08:10 - 2010-12-18 13:11 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-07-20 07:47 - 2014-07-06 09:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 07:33 - 2012-04-18 19:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 07:13 - 2014-07-11 22:52 - 00252315 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 05:29 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 05:29 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 05:21 - 2011-11-06 16:06 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5F8349E-1752-4697-865D-471CF82211BC}
2014-07-20 05:17 - 2014-07-11 22:33 - 00000336 _____ () C:\Windows\setupact.log
2014-07-20 05:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 21:15 - 2014-07-14 21:37 - 00009420 _____ () C:\Users\admin\Desktop\aswMBR.txt
2014-07-15 21:15 - 2014-07-14 21:37 - 00000512 _____ () C:\Users\admin\Desktop\MBR.dat
2014-07-15 20:20 - 2014-07-15 20:20 - 00000773 _____ () C:\Users\admin\Desktop\attach.zip
2014-07-15 20:14 - 2014-07-14 20:30 - 00001190 _____ () C:\Users\admin\Desktop\attach.txt
2014-07-14 20:08 - 2014-07-14 20:26 - 05185536 _____ (AVAST Software) C:\Users\admin\Desktop\aswMBR.exe
2014-07-14 20:08 - 2014-07-14 20:08 - 05185536 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe
2014-07-14 19:28 - 2014-07-14 20:27 - 00688992 ____R (Swearware) C:\Users\admin\Desktop\dds.com
2014-07-14 19:28 - 2014-07-14 19:28 - 00688992 _____ (Swearware) C:\Users\admin\Downloads\dds.com
2014-07-14 19:26 - 2012-03-18 15:58 - 00000000 ____D () C:\Windows\ERDNT
2014-07-14 19:25 - 2014-07-14 19:25 - 00000956 _____ () C:\Users\admin\Desktop\ERUNT.lnk
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-14 19:20 - 2014-07-14 19:22 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Desktop\erunt-setup.exe
2014-07-14 19:20 - 2014-07-14 19:20 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Downloads\erunt-setup.exe
2014-07-14 17:52 - 2012-05-06 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-13 15:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 13:11 - 2014-07-13 13:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 11:30 - 2014-07-13 11:29 - 00004158 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-13 11:30 - 2014-01-01 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-13 11:30 - 2013-09-06 18:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-13 11:25 - 2014-07-12 12:56 - 00004802 _____ () C:\Windows\PFRO.log
2014-07-13 11:25 - 2009-07-14 00:45 - 00335184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 11:23 - 2014-05-07 20:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 11:23 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 11:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 11:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-13 10:33 - 2012-04-18 19:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 10:33 - 2012-04-18 19:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-13 10:33 - 2011-05-16 18:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 10:32 - 2014-07-13 10:32 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-13 10:25 - 2013-08-15 00:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 10:08 - 2011-02-03 19:48 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 19:49 - 2014-07-12 19:18 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2014-07-12 19:49 - 2014-07-12 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 19:18 - 2014-07-06 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-12 19:12 - 2014-07-12 19:15 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.07.0.1012.exe
2014-07-12 19:12 - 2014-07-12 19:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.07.0.1012.exe
2014-07-12 18:54 - 2014-07-10 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-12 18:53 - 2014-07-12 18:52 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-12 18:53 - 2014-07-10 22:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-12 15:19 - 2014-07-12 15:09 - 00000000 ____D () C:\ComboFix
2014-07-12 15:18 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-12 14:58 - 2014-07-06 21:04 - 05218570 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2014-07-12 14:52 - 2014-07-12 14:54 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-07-12 14:52 - 2014-07-12 14:53 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-07-12 12:59 - 2013-10-15 05:40 - 00000000 ____D () C:\AdwCleaner
2014-07-12 12:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-11 22:33 - 2014-07-11 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 22:29 - 2011-11-05 21:12 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-07-11 22:28 - 2009-07-24 13:29 - 00000000 ____D () C:\Windows\Panther
2014-07-11 22:23 - 2014-07-11 22:23 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 22:07 - 2014-07-10 21:46 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-10 21:52 - 2014-07-10 21:52 - 00000000 ____D () C:\SUPERDelete
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da46279b-4a98-420f-933d-ee03bb02b2b1.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c6675572-512e-43c2-b0cc-dfb9efd7f5e0.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2014-07-10 21:48 - 2014-07-10 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-10 21:48 - 2014-07-10 21:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-10 21:46 - 2014-07-10 21:46 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-10 21:40 - 2014-07-10 21:44 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Desktop\ccsetup415.exe
2014-07-10 21:40 - 2014-07-10 21:40 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup415.exe
2014-07-10 21:38 - 2014-07-10 21:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Desktop\spybot-2.4.exe
2014-07-10 21:38 - 2014-07-10 21:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Downloads\spybot-2.4.exe
2014-07-10 21:32 - 2014-07-10 21:43 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Desktop\SUPERAntiSpyware.exe
2014-07-10 21:32 - 2014-07-10 21:32 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Downloads\SUPERAntiSpyware.exe
2014-07-10 21:21 - 2014-07-10 21:01 - 00001420 _____ () C:\Users\admin\Desktop\Rkill.txt
2014-07-10 21:15 - 2014-07-10 21:15 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill64.exe
2014-07-10 21:00 - 2014-07-10 21:01 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.exe
2014-07-10 21:00 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe
2014-07-10 21:00 - 2014-07-10 20:57 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.com
2014-07-10 20:57 - 2014-07-10 20:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.com
2014-07-10 20:00 - 2014-07-10 20:00 - 00000000 ____D () C:\Windows\pss
2014-07-10 19:43 - 2014-07-10 19:44 - 00929416 _____ (CNET Download.com) C:\Users\admin\Desktop\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-10 19:43 - 2014-07-10 19:43 - 00929416 _____ (CNET Download.com) C:\Users\admin\Downloads\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-08 20:14 - 2014-07-08 20:12 - 00036020 _____ () C:\Users\admin\Desktop\Addition.txt
2014-07-08 19:53 - 2014-07-08 19:53 - 02084352 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-07-08 19:18 - 2014-07-08 19:19 - 01348263 _____ () C:\Users\admin\Desktop\adwcleaner_3.215.exe
2014-07-08 19:18 - 2014-07-08 19:18 - 01348263 _____ () C:\Users\admin\Downloads\adwcleaner_3.215.exe
2014-07-08 19:00 - 2013-09-02 06:28 - 00000000 ____D () C:\Users\admin\AppData\Local\Avg2013
2014-07-08 19:00 - 2013-09-02 06:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-08 18:58 - 2013-09-02 06:32 - 00000000 ____D () C:\ProgramData\AVG2013
2014-07-08 18:57 - 2013-09-02 06:32 - 00000000 ____D () C:\$AVG
2014-07-06 18:50 - 2012-03-18 15:57 - 00000000 ____D () C:\Qoobox
2014-07-06 16:05 - 2014-07-06 16:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-06 15:54 - 2014-07-08 19:15 - 04707328 _____ () C:\Users\admin\Desktop\RogueKiller.exe
2014-07-06 11:36 - 2014-07-06 10:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Luqyva
2014-07-06 09:48 - 2012-03-18 10:53 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Malwarebytes
2014-07-06 09:47 - 2014-07-06 09:47 - 00001153 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 09:47 - 2014-07-06 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 09:38 - 2014-07-06 09:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 09:37 - 2012-03-18 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 09:36 - 2013-10-15 05:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-06 08:57 - 2014-07-06 08:57 - 00000000 ____D () C:\found.000
2014-07-06 07:59 - 2010-12-18 13:11 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-07-06 07:59 - 2010-12-18 13:11 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-06 07:55 - 2014-07-05 21:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Geyhar
2014-07-05 18:08 - 2014-07-05 18:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Ikysid
2014-07-05 18:06 - 2014-07-05 15:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Suukyw
2014-07-04 18:34 - 2009-07-14 01:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-02 01:29 - 2014-07-13 11:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-02 01:21 - 2014-07-13 11:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-02 01:21 - 2014-07-13 11:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-02 01:20 - 2014-07-13 11:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-29 22:09 - 2014-07-13 10:20 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-13 10:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-20 16:14 - 2014-07-13 10:19 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-13 10:19 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-13 15:19

==================== End Of Log ============================
 
Additional Logs requested, Part 2

I ran FARBAR earlier andit generated Addition.txt at that time but did not create it again. So, I included the older file.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by admin at 2014-07-08 20:12:55
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM-x32\...\{FB410000-0002-0000-0000-074957833700}) (Version: 8.02.650.72520 - ABBYY)
AbiWord 2.6.4 (HKLM-x32\...\AbiWord2) (Version: 2.6.4 - AbiSource Developers)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L40 - PFU)
CardMinder V4.1 (x32 Version: 4.1.40.1 - PFU) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
ImageMixer 3 SE Ver.6 Transfer Utility (HKLM-x32\...\{3A2AD071-AABD-4712-A43E-11D06BAA661D}) (Version: 6.00.017 - PIXELA)
ImageMixer 3 SE Ver.6 Video Tools (HKLM-x32\...\{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}) (Version: 6.00.018 - PIXELA)
Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.7 - Silicon Motion)
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.37 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office Clip Art (HKLM-x32\...\Office Clip Art) (Version: - Freeze.com, LLC)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.10.00 - )
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version: - ) <==== ATTENTION
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L41 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L30 - PFU)
ScanSnap Organizer (x32 Version: 4.1.30.16 - PFU LIMITED) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0032 - Lenovo)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.41 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}) (Version: 5.9.3.6264 - UPEK Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

27-05-2014 01:44:11 Scheduled Checkpoint
03-06-2014 22:11:39 Scheduled Checkpoint
12-06-2014 22:38:17 Windows Update
06-07-2014 22:50:47 ComboFix created restore point
08-07-2014 22:45:48 Removed AVG 2013
08-07-2014 22:59:07 Removed AVG 2013

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-06 19:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00879011-1C6F-46F4-8EF5-1961D43957A6} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-11-11] ()
Task: {03BF0843-E11E-41C5-9AC9-C32370A316C0} - \DigitalSite No Task File <==== ATTENTION
Task: {30BE5F54-319E-4AFA-91AD-83FFAD6C7016} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exe
Task: {3EE31928-84CB-4EEE-8427-6050709D6F2D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {50DD057A-13EA-4521-8695-8565F1D50955} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {527983EB-FBA1-4A28-BE2E-A983CED92D07} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {B93B38CC-0033-4039-BCAC-2176D2CFE64B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {D9F957AE-4748-4733-A511-E99E287BBF36} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-01-27] (PC-Doctor, Inc.)
Task: {DF19E8C3-AF3C-4B85-9534-F1898641342F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2011-01-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-22 12:52 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2011-11-05 21:12 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-12-18 12:50 - 2010-08-24 14:30 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-05-28 02:09 - 2009-05-28 02:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2010-12-18 12:42 - 2009-10-23 22:50 - 00326144 _____ () C:\Windows\system32\370prop.ax
2012-03-06 21:06 - 2008-11-12 16:32 - 00014848 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2011-04-04 21:00 - 2009-07-21 15:42 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll
2012-03-06 21:03 - 2011-08-31 09:41 - 00376832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2012-03-06 21:03 - 2011-03-16 16:30 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2012-03-06 21:03 - 2003-03-26 19:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2012-03-06 21:03 - 2010-08-24 17:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2014 09:12:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0xf00
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/06/2014 08:53:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882d40
Faulting module name: shell32.DLL, version: 6.1.7601.18429, time stamp: 0x5330ecd9
Exception code: 0xc0000005
Fault offset: 0x000000000024e3f7
Faulting process id: 0x11cc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/06/2014 08:49:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000022
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x97c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/06/2014 06:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882d40
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x000000000000116b
Faulting process id: 0x6b4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/06/2014 06:00:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882d40
Faulting module name: Flash64_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359ce87
Exception code: 0xc0000005
Fault offset: 0x0000000000247089
Faulting process id: 0x1444
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/06/2014 05:23:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882d40
Faulting module name: Flash64_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359ce87
Exception code: 0xc0000005
Fault offset: 0x00000000002e42de
Faulting process id: 0x1688
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/06/2014 05:10:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 944

Start Time: 01cf995e330a8682

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: e9358ec5-0551-11e4-b977-60eb694ec18d

Error: (07/06/2014 04:49:44 PM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (1184) WebCacheLocal: Database recovery/restore failed with unexpected error -543.

Error: (07/06/2014 04:49:43 PM) (Source: ESENT) (EventID: 453) (User: )
Description: DllHost (1184) WebCacheLocal: Database C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat requires logfiles 907-917 (C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V010038B.log - C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\V01.log) in order to recover successfully. Recovery could only locate logfiles up to 916 (DllHost0).

Error: (07/06/2014 04:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xakage.exe, version: 0.28672.24530.32418, time stamp: 0x539d8886
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x001b783c
Faulting process id: 0x2a8
Faulting application start time: 0xxakage.exe0
Faulting application path: xakage.exe1
Faulting module path: xakage.exe2
Report Id: xakage.exe3


System errors:
=============
Error: (07/08/2014 07:49:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/08/2014 07:48:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (07/08/2014 07:47:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (07/08/2014 07:46:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service hung on starting.

Error: (07/08/2014 07:46:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (07/08/2014 07:45:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (07/08/2014 07:44:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service hung on starting.

Error: (07/08/2014 07:39:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/08/2014 07:38:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/08/2014 07:36:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (01/25/2014 01:02:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5840 seconds with 3360 seconds of active time. This session ended with a crash.

Error: (11/18/2012 05:32:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 13819 seconds with 1380 seconds of active time. This session ended with a crash.

Error: (10/07/2012 08:44:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11793 seconds with 8940 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-07-06 19:04:00.352
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-06 19:04:00.305
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-06 19:04:00.258
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-06 19:04:00.227
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-18 16:02:19.233
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-18 16:02:19.202
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 3892.45 MB
Available physical RAM: 1218.18 MB
Total Pagefile: 7784.9 MB
Available Pagefile: 4203.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:392.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C6D19D70)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
You have run a lot of programs on the computer including Combofix, its a very powerful tool and can damage your system if not run with supervision


Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)

Start
Task: {03BF0843-E11E-41C5-9AC9-C32370A316C0} - \DigitalSite No Task File <==== ATTENTION
Hosts:
Reboot:
End
Click to expand...

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




It also looks like whatever Malwarebytes found was not removed, I am going to post the instructions for running it again and how to remove whats found



  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
Logs for fixlog.txt and new malwarebytes scan

Here are the logs requested. Thoughts? Comments?

Thanks again for your help.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014
Ran by admin at 2014-07-20 09:48:40 Run:1
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: {03BF0843-E11E-41C5-9AC9-C32370A316C0} - \DigitalSite No Task File <==== ATTENTION
Hosts:
Reboot:
End
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03BF0843-E11E-41C5-9AC9-C32370A316C0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03BF0843-E11E-41C5-9AC9-C32370A316C0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite' => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2014
Scan Time: 9:55:23 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.20.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313975
Time Elapsed: 11 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Your log is looking fine.

RivalGaming <-- I would uninstall this, sometimes it includes malware

C:\Windows\system32\drivers\ SPPD.sys <-- This is part of search protect, see if you can delete it, leave it in the trash for a day or so .


With all the programs you have run you have taken out any clue as to what the infection is, its best to just bite the bullet and post right away before removing anything on your own


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
TDSSKILLER log, part 1

I could not find Rival Gaming in the list of programs either in program list or in the "add/remove programs" portion of the control panel. Guidance on where/how to find it would be appreciated.

I also did not find the c:\Windosw\system32\drivers\ SPPD.sys. So I could not delete it. Again, more guidance on that?

TDSSKiller.exe found and remove 1 malicious object. Here is the log.

12:29:05.0064 0x0484 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
12:29:20.0663 0x0484 ============================================================
12:29:20.0663 0x0484 Current date / time: 2014/07/20 12:29:20.0663
12:29:20.0663 0x0484 SystemInfo:
12:29:20.0663 0x0484
12:29:20.0663 0x0484 OS Version: 6.1.7601 ServicePack: 1.0
12:29:20.0663 0x0484 Product type: Workstation
12:29:20.0663 0x0484 ComputerName: ADMIN-THINK
12:29:20.0673 0x0484 UserName: admin
12:29:20.0673 0x0484 Windows directory: C:\Windows
12:29:20.0673 0x0484 System windows directory: C:\Windows
12:29:20.0673 0x0484 Running under WOW64
12:29:20.0673 0x0484 Processor architecture: Intel x64
12:29:20.0673 0x0484 Number of processors: 4
12:29:20.0673 0x0484 Page size: 0x1000
12:29:20.0673 0x0484 Boot type: Normal boot
12:29:20.0673 0x0484 ============================================================
12:29:22.0441 0x0484 KLMD registered as C:\Windows\system32\drivers\32484159.sys
12:29:22.0805 0x0484 System UUID: {BD7BD675-90C7-3AA9-CEF4-1CC262BE6584}
12:29:23.0400 0x0484 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:23.0405 0x0484 ============================================================
12:29:23.0405 0x0484 \Device\Harddisk0\DR0:
12:29:23.0405 0x0484 MBR partitions:
12:29:23.0405 0x0484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
12:29:23.0405 0x0484 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8
12:29:23.0405 0x0484 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000
12:29:23.0405 0x0484 ============================================================
12:29:23.0448 0x0484 C: <-> \Device\Harddisk0\DR0\Partition2
12:29:23.0625 0x0484 Q: <-> \Device\Harddisk0\DR0\Partition3
12:29:23.0683 0x0484 ============================================================
12:29:23.0683 0x0484 Initialize success
12:29:23.0683 0x0484 ============================================================
12:30:57.0218 0x1bf8 ============================================================
12:30:57.0218 0x1bf8 Scan started
12:30:57.0218 0x1bf8 Mode: Manual;
12:30:57.0218 0x1bf8 ============================================================
12:30:57.0218 0x1bf8 KSN ping started
12:31:00.0073 0x1bf8 KSN ping finished: true
12:31:01.0243 0x1bf8 ================ Scan system memory ========================
12:31:01.0243 0x1bf8 System memory - ok
12:31:01.0243 0x1bf8 ================ Scan services =============================
12:31:01.0383 0x1bf8 [ 620C92D6EEFA9853A3EAD41B5EB9B5FD, 72DD7297179AC6629B816DD9656D5EC3F02BE677EA01A05A5EB808180F0D775F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:31:01.0383 0x1bf8 !SASCORE - ok
12:31:01.0633 0x1bf8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:31:01.0633 0x1bf8 1394ohci - ok
12:31:01.0679 0x1bf8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:31:01.0711 0x1bf8 ACPI - ok
12:31:01.0757 0x1bf8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:31:01.0757 0x1bf8 AcpiPmi - ok
12:31:01.0913 0x1bf8 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:31:01.0913 0x1bf8 AdobeARMservice - ok
12:31:02.0069 0x1bf8 [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:31:02.0101 0x1bf8 AdobeFlashPlayerUpdateSvc - ok
12:31:02.0179 0x1bf8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:31:02.0225 0x1bf8 adp94xx - ok
12:31:02.0288 0x1bf8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:31:02.0319 0x1bf8 adpahci - ok
12:31:02.0350 0x1bf8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:31:02.0366 0x1bf8 adpu320 - ok
12:31:02.0397 0x1bf8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:31:02.0397 0x1bf8 AeLookupSvc - ok
12:31:02.0459 0x1bf8 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
12:31:02.0506 0x1bf8 AFD - ok
12:31:02.0569 0x1bf8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
12:31:02.0569 0x1bf8 agp440 - ok
12:31:02.0600 0x1bf8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
12:31:02.0600 0x1bf8 ALG - ok
12:31:02.0647 0x1bf8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
12:31:02.0662 0x1bf8 aliide - ok
12:31:02.0678 0x1bf8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
12:31:02.0693 0x1bf8 amdide - ok
12:31:02.0725 0x1bf8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:31:02.0725 0x1bf8 AmdK8 - ok
12:31:02.0740 0x1bf8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:31:02.0756 0x1bf8 AmdPPM - ok
12:31:02.0787 0x1bf8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:31:02.0803 0x1bf8 amdsata - ok
12:31:02.0834 0x1bf8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:31:02.0849 0x1bf8 amdsbs - ok
12:31:02.0881 0x1bf8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:31:02.0881 0x1bf8 amdxata - ok
12:31:02.0912 0x1bf8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
12:31:02.0912 0x1bf8 AppID - ok
12:31:02.0959 0x1bf8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:31:02.0959 0x1bf8 AppIDSvc - ok
12:31:02.0974 0x1bf8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
12:31:02.0990 0x1bf8 Appinfo - ok
12:31:03.0037 0x1bf8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:31:03.0052 0x1bf8 arc - ok
12:31:03.0068 0x1bf8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:31:03.0083 0x1bf8 arcsas - ok
12:31:03.0193 0x1bf8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:31:03.0208 0x1bf8 aspnet_state - ok
12:31:03.0239 0x1bf8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:03.0239 0x1bf8 AsyncMac - ok
12:31:03.0271 0x1bf8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
12:31:03.0271 0x1bf8 atapi - ok
12:31:03.0349 0x1bf8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:31:03.0395 0x1bf8 AudioEndpointBuilder - ok
12:31:03.0427 0x1bf8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:31:03.0427 0x1bf8 AudioSrv - ok
12:31:03.0505 0x1bf8 [ A1F53D2A00E64679A1D81B61D2333D06, 41D4F252693A2382A1C1FB85A49DF5AAB5B21620DC09A0E1A7F66A437E3A0B3B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
12:31:03.0505 0x1bf8 avgtp - ok
12:31:03.0551 0x1bf8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:31:03.0551 0x1bf8 AxInstSV - ok
12:31:03.0629 0x1bf8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:31:03.0676 0x1bf8 b06bdrv - ok
12:31:04.0019 0x1bf8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:31:04.0035 0x1bf8 b57nd60a - ok
12:31:04.0160 0x1bf8 [ 5F685973740F289BE3C809952DB8408B, 4C0A0C06BB2B6B1879A860B0D68289A55F80CF74947FCCE7815F1D8121232F62 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
12:31:04.0175 0x1bf8 BBSvc - ok
12:31:04.0238 0x1bf8 [ 76F78018F45E7F92164CEA5020176933, 76E1CA6E198417F3749864721C43913189A7EA07B5ED320DE543B2037CEA3D65 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
12:31:04.0269 0x1bf8 BBUpdate - ok
12:31:04.0331 0x1bf8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
12:31:04.0347 0x1bf8 BDESVC - ok
12:31:04.0378 0x1bf8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
12:31:04.0378 0x1bf8 Beep - ok
12:31:04.0456 0x1bf8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
12:31:04.0534 0x1bf8 BFE - ok
12:31:04.0628 0x1bf8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
12:31:04.0721 0x1bf8 BITS - ok
12:31:04.0753 0x1bf8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:31:04.0753 0x1bf8 blbdrive - ok
12:31:04.0799 0x1bf8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:31:04.0799 0x1bf8 bowser - ok
12:31:04.0831 0x1bf8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:31:04.0831 0x1bf8 BrFiltLo - ok
12:31:04.0846 0x1bf8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:31:04.0846 0x1bf8 BrFiltUp - ok
12:31:04.0877 0x1bf8 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:31:04.0877 0x1bf8 BridgeMP - ok
12:31:04.0909 0x1bf8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
12:31:04.0924 0x1bf8 Browser - ok
12:31:04.0955 0x1bf8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:31:04.0987 0x1bf8 Brserid - ok
12:31:05.0033 0x1bf8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:31:05.0033 0x1bf8 BrSerWdm - ok
12:31:05.0065 0x1bf8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:31:05.0065 0x1bf8 BrUsbMdm - ok
12:31:05.0080 0x1bf8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:31:05.0080 0x1bf8 BrUsbSer - ok
12:31:05.0127 0x1bf8 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:31:05.0127 0x1bf8 BthEnum - ok
12:31:05.0158 0x1bf8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:31:05.0158 0x1bf8 BTHMODEM - ok
12:31:05.0189 0x1bf8 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:31:05.0189 0x1bf8 BthPan - ok
12:31:05.0267 0x1bf8 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:31:05.0299 0x1bf8 BTHPORT - ok
12:31:05.0345 0x1bf8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
12:31:05.0345 0x1bf8 bthserv - ok
12:31:05.0377 0x1bf8 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:31:05.0392 0x1bf8 BTHUSB - ok
12:31:05.0439 0x1bf8 catchme - ok
12:31:05.0470 0x1bf8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:31:05.0470 0x1bf8 cdfs - ok
12:31:05.0517 0x1bf8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:31:05.0533 0x1bf8 cdrom - ok
12:31:05.0595 0x1bf8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
12:31:05.0595 0x1bf8 CertPropSvc - ok
12:31:05.0689 0x1bf8 [ 23F5D8AEE57F208E18E4EDFF16EE0DF9, A0E951D7E1EE1BF1459B934CCF214DC66E5335D6B6574AD526B68A1E82594171 ] CFUACProxy_officeguardianv2n C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
12:31:05.0735 0x1bf8 CFUACProxy_officeguardianv2n - ok
12:31:05.0782 0x1bf8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:31:05.0782 0x1bf8 circlass - ok
12:31:05.0845 0x1bf8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
12:31:05.0891 0x1bf8 CLFS - ok
12:31:05.0954 0x1bf8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:31:05.0969 0x1bf8 clr_optimization_v2.0.50727_32 - ok
12:31:06.0001 0x1bf8 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:31:06.0001 0x1bf8 clr_optimization_v2.0.50727_64 - ok
12:31:06.0079 0x1bf8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:31:06.0125 0x1bf8 clr_optimization_v4.0.30319_32 - ok
12:31:06.0157 0x1bf8 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:31:06.0188 0x1bf8 clr_optimization_v4.0.30319_64 - ok
12:31:06.0219 0x1bf8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:31:06.0219 0x1bf8 CmBatt - ok
12:31:06.0250 0x1bf8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:31:06.0266 0x1bf8 cmdide - ok
12:31:06.0313 0x1bf8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
12:31:06.0328 0x1bf8 CNG - ok
12:31:06.0359 0x1bf8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:31:06.0359 0x1bf8 Compbatt - ok
12:31:06.0422 0x1bf8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:31:06.0422 0x1bf8 CompositeBus - ok
12:31:06.0437 0x1bf8 COMSysApp - ok
12:31:06.0469 0x1bf8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:31:06.0469 0x1bf8 crcdisk - ok
12:31:06.0500 0x1bf8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:31:06.0515 0x1bf8 CryptSvc - ok
12:31:06.0593 0x1bf8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:31:06.0625 0x1bf8 DcomLaunch - ok
12:31:06.0671 0x1bf8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
12:31:06.0687 0x1bf8 defragsvc - ok
12:31:06.0734 0x1bf8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:31:06.0749 0x1bf8 DfsC - ok
12:31:06.0812 0x1bf8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:31:06.0827 0x1bf8 Dhcp - ok
12:31:06.0890 0x1bf8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
12:31:06.0890 0x1bf8 discache - ok
12:31:06.0937 0x1bf8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:31:06.0937 0x1bf8 Disk - ok
12:31:06.0983 0x1bf8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:31:07.0015 0x1bf8 Dnscache - ok
12:31:07.0046 0x1bf8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
12:31:07.0077 0x1bf8 dot3svc - ok
12:31:07.0108 0x1bf8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
12:31:07.0124 0x1bf8 DPS - ok
12:31:07.0171 0x1bf8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:31:07.0171 0x1bf8 drmkaud - ok
12:31:07.0249 0x1bf8 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:31:07.0311 0x1bf8 DXGKrnl - ok
12:31:07.0342 0x1bf8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
12:31:07.0358 0x1bf8 EapHost - ok
12:31:07.0498 0x1bf8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:31:07.0670 0x1bf8 ebdrv - ok
12:31:07.0717 0x1bf8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
12:31:07.0717 0x1bf8 EFS - ok
12:31:07.0810 0x1bf8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:31:07.0873 0x1bf8 ehRecvr - ok
12:31:07.0904 0x1bf8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
12:31:07.0904 0x1bf8 ehSched - ok
12:31:07.0966 0x1bf8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:31:07.0997 0x1bf8 elxstor - ok
12:31:08.0029 0x1bf8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:31:08.0029 0x1bf8 ErrDev - ok
12:31:08.0091 0x1bf8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
12:31:08.0122 0x1bf8 EventSystem - ok
12:31:08.0278 0x1bf8 [ B56D9602DB5FE1C116B1CA5EFD8E2E50, 34F52939089A98860E659BEF6AB8275BC50C33CC282DD3D34E13909BB7E3E575 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:31:08.0325 0x1bf8 EvtEng - ok
12:31:08.0356 0x1bf8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
12:31:08.0372 0x1bf8 exfat - ok
12:31:08.0403 0x1bf8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:31:08.0403 0x1bf8 fastfat - ok
12:31:08.0481 0x1bf8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
12:31:08.0512 0x1bf8 Fax - ok
12:31:08.0543 0x1bf8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:31:08.0543 0x1bf8 fdc - ok
12:31:08.0590 0x1bf8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
12:31:08.0590 0x1bf8 fdPHost - ok
12:31:08.0606 0x1bf8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
12:31:08.0606 0x1bf8 FDResPub - ok
12:31:08.0606 0x1bf8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:31:08.0621 0x1bf8 FileInfo - ok
12:31:08.0637 0x1bf8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:31:08.0637 0x1bf8 Filetrace - ok
12:31:08.0668 0x1bf8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:31:08.0668 0x1bf8 flpydisk - ok
12:31:08.0715 0x1bf8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:31:08.0731 0x1bf8 FltMgr - ok
12:31:08.0824 0x1bf8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
12:31:08.0871 0x1bf8 FontCache - ok
12:31:08.0918 0x1bf8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:31:08.0918 0x1bf8 FontCache3.0.0.0 - ok
12:31:08.0949 0x1bf8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:31:08.0949 0x1bf8 FsDepends - ok
12:31:08.0980 0x1bf8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:31:08.0980 0x1bf8 Fs_Rec - ok
12:31:09.0027 0x1bf8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:31:09.0043 0x1bf8 fvevol - ok
12:31:09.0074 0x1bf8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:31:09.0074 0x1bf8 gagp30kx - ok
12:31:09.0136 0x1bf8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
12:31:09.0183 0x1bf8 gpsvc - ok
12:31:09.0199 0x1bf8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:31:09.0199 0x1bf8 hcw85cir - ok
12:31:09.0245 0x1bf8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:31:09.0261 0x1bf8 HdAudAddService - ok
12:31:09.0308 0x1bf8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:31:09.0308 0x1bf8 HDAudBus - ok
12:31:09.0339 0x1bf8 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:31:09.0339 0x1bf8 HECIx64 - ok
12:31:09.0370 0x1bf8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:31:09.0370 0x1bf8 HidBatt - ok
12:31:09.0386 0x1bf8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:31:09.0401 0x1bf8 HidBth - ok
12:31:09.0464 0x1bf8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:31:09.0464 0x1bf8 HidIr - ok
12:31:09.0511 0x1bf8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
12:31:09.0526 0x1bf8 hidserv - ok
12:31:09.0557 0x1bf8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:31:09.0557 0x1bf8 HidUsb - ok
12:31:09.0604 0x1bf8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:31:09.0604 0x1bf8 hkmsvc - ok
12:31:09.0682 0x1bf8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:31:09.0713 0x1bf8 HomeGroupListener - ok
12:31:09.0760 0x1bf8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:31:09.0776 0x1bf8 HomeGroupProvider - ok
12:31:09.0823 0x1bf8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:31:09.0823 0x1bf8 HpSAMD - ok
12:31:09.0885 0x1bf8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:31:09.0916 0x1bf8 HTTP - ok
12:31:09.0947 0x1bf8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:31:09.0963 0x1bf8 hwpolicy - ok
12:31:10.0010 0x1bf8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:31:10.0010 0x1bf8 i8042prt - ok
12:31:10.0072 0x1bf8 [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:31:10.0088 0x1bf8 iaStor - ok
12:31:10.0119 0x1bf8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:31:10.0135 0x1bf8 iaStorV - ok
12:31:10.0166 0x1bf8 [ B21087E1A64FD474BF3E1A602A714F1F, 1122D26F938E1A331D0BEBBEA4BACC75276E8502291B3FCB45D53ACA1562C422 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
12:31:10.0181 0x1bf8 IBMPMDRV - ok
12:31:10.0213 0x1bf8 [ A3E4DE0F77031061972485EF9BD8E4D0, 5F9E293898553281DAECE577CCB3F83178C46FB9078FB7D2E9FF609EF5709373 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
12:31:10.0213 0x1bf8 IBMPMSVC - ok
12:31:10.0306 0x1bf8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:31:10.0337 0x1bf8 idsvc - ok
12:31:10.0384 0x1bf8 IEEtwCollectorService - ok
12:31:10.0852 0x1bf8 [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:31:11.0273 0x1bf8 igfx - ok
12:31:11.0351 0x1bf8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:31:11.0351 0x1bf8 iirsp - ok
12:31:11.0414 0x1bf8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
12:31:11.0445 0x1bf8 IKEEXT - ok
12:31:11.0492 0x1bf8 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
12:31:11.0492 0x1bf8 Impcd - ok
12:31:11.0710 0x1bf8 [ 1C11E5D258BC374E7FBD598D75E49B75, E5A03972750809C41F6AE183476DE9E4831B9B10D9D178BF644258021D9937C4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:31:11.0851 0x1bf8 IntcAzAudAddService - ok
12:31:11.0913 0x1bf8 [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:31:11.0944 0x1bf8 IntcDAud - ok
12:31:11.0960 0x1bf8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
12:31:11.0975 0x1bf8 intelide - ok
12:31:12.0007 0x1bf8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:31:12.0007 0x1bf8 intelppm - ok
12:31:12.0038 0x1bf8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:31:12.0053 0x1bf8 IPBusEnum - ok
12:31:12.0085 0x1bf8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:12.0085 0x1bf8 IpFilterDriver - ok
12:31:12.0147 0x1bf8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:31:12.0178 0x1bf8 iphlpsvc - ok
12:31:12.0225 0x1bf8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:31:12.0225 0x1bf8 IPMIDRV - ok
12:31:12.0241 0x1bf8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:31:12.0256 0x1bf8 IPNAT - ok
12:31:12.0272 0x1bf8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:31:12.0272 0x1bf8 IRENUM - ok
12:31:12.0303 0x1bf8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:31:12.0303 0x1bf8 isapnp - ok
12:31:12.0334 0x1bf8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:31:12.0365 0x1bf8 iScsiPrt - ok
12:31:12.0412 0x1bf8 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:31:12.0428 0x1bf8 IviRegMgr - ok
12:31:12.0459 0x1bf8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:12.0459 0x1bf8 kbdclass - ok
12:31:12.0490 0x1bf8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:12.0506 0x1bf8 kbdhid - ok
12:31:12.0537 0x1bf8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
12:31:12.0537 0x1bf8 KeyIso - ok
12:31:12.0568 0x1bf8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:31:12.0568 0x1bf8 KSecDD - ok
12:31:12.0599 0x1bf8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:31:12.0599 0x1bf8 KSecPkg - ok
12:31:12.0631 0x1bf8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:31:12.0631 0x1bf8 ksthunk - ok
12:31:12.0662 0x1bf8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
12:31:12.0693 0x1bf8 KtmRm - ok
12:31:12.0755 0x1bf8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:31:12.0771 0x1bf8 LanmanServer - ok
12:31:12.0818 0x1bf8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:31:12.0818 0x1bf8 LanmanWorkstation - ok
12:31:12.0958 0x1bf8 [ 70481DABD9ADAB51A6933C5893B82925, 058690744CF783456DFCAAFDA853D020446C479DADBA38DF92EDFBC96F79D241 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
12:31:12.0958 0x1bf8 LENOVO.CAMMUTE - ok
12:31:13.0036 0x1bf8 [ C88EB33793420A79F601FB5E33E2EDD9, D1FBA5271A98A0953BBACD91F82F54C2875DD22AE62BE249CBE7F6E95E5AC512 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
12:31:13.0036 0x1bf8 LENOVO.MICMUTE - ok
12:31:13.0052 0x1bf8 [ 5ACFF5823634BC2C4EBF559C3B33E18E, 40E4E52C1A96F8E7F3A0E7755CBD27F7F55FC7CD682E61A496313D16BBE2C08C ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
12:31:13.0052 0x1bf8 lenovo.smi - ok
12:31:13.0083 0x1bf8 [ D0DAF6A22037F6DEE706A095C647AA41, 26FC2E6F423E19879C37D565C8C025EFBB2165C40E96078B4ECD2A77F3CEA55D ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
12:31:13.0083 0x1bf8 LENOVO.TPKNRSVC - ok
12:31:13.0099 0x1bf8 [ 6F2CC57EB5836D2AC9BD37F3554D55F8, C877F63AACA68AD3505EC4A8B8916FA2E07C2CB29E74FA368A103F612E18499E ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
12:31:13.0114 0x1bf8 Lenovo.VIRTSCRLSVC - ok
12:31:13.0177 0x1bf8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:31:13.0177 0x1bf8 lltdio - ok
12:31:13.0239 0x1bf8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:31:13.0255 0x1bf8 lltdsvc - ok
12:31:13.0286 0x1bf8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:31:13.0286 0x1bf8 lmhosts - ok
12:31:13.0395 0x1bf8 [ 5460828F8951D310B42B442877603B8D, B6F78F69EFFBD550D650C189A1295483C1F99FC406A10186F90818A8E53F82B8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:31:13.0411 0x1bf8 LMS - ok
12:31:13.0504 0x1bf8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:31:13.0504 0x1bf8 LSI_FC - ok
12:31:13.0567 0x1bf8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:31:13.0582 0x1bf8 LSI_SAS - ok
12:31:13.0613 0x1bf8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:31:13.0613 0x1bf8 LSI_SAS2 - ok
12:31:13.0645 0x1bf8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:31:13.0645 0x1bf8 LSI_SCSI - ok
12:31:13.0691 0x1bf8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
12:31:13.0707 0x1bf8 luafv - ok
12:31:13.0754 0x1bf8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:31:13.0754 0x1bf8 Mcx2Svc - ok
12:31:13.0769 0x1bf8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:31:13.0785 0x1bf8 megasas - ok
12:31:13.0801 0x1bf8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:31:13.0816 0x1bf8 MegaSR - ok
12:31:13.0879 0x1bf8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
12:31:13.0879 0x1bf8 MMCSS - ok
12:31:13.0894 0x1bf8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
12:31:13.0894 0x1bf8 Modem - ok
12:31:13.0941 0x1bf8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:31:13.0941 0x1bf8 monitor - ok
12:31:13.0988 0x1bf8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:31:13.0988 0x1bf8 mouclass - ok
12:31:14.0003 0x1bf8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:31:14.0003 0x1bf8 mouhid - ok
12:31:14.0050 0x1bf8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:31:14.0066 0x1bf8 mountmgr - ok
12:31:14.0144 0x1bf8 [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:31:14.0144 0x1bf8 MozillaMaintenance - ok
12:31:14.0191 0x1bf8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
12:31:14.0206 0x1bf8 mpio - ok
12:31:14.0253 0x1bf8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:31:14.0253 0x1bf8 mpsdrv - ok
12:31:14.0331 0x1bf8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:31:14.0393 0x1bf8 MpsSvc - ok
12:31:14.0425 0x1bf8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:31:14.0440 0x1bf8 MRxDAV - ok
12:31:14.0487 0x1bf8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:14.0503 0x1bf8 mrxsmb - ok
12:31:14.0565 0x1bf8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:14.0581 0x1bf8 mrxsmb10 - ok
12:31:14.0627 0x1bf8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:14.0627 0x1bf8 mrxsmb20 - ok
12:31:14.0705 0x1bf8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
12:31:14.0705 0x1bf8 msahci - ok
12:31:14.0752 0x1bf8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:31:14.0768 0x1bf8 msdsm - ok
12:31:14.0830 0x1bf8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
12:31:14.0830 0x1bf8 MSDTC - ok
12:31:14.0908 0x1bf8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:31:14.0908 0x1bf8 Msfs - ok
12:31:14.0939 0x1bf8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:31:14.0939 0x1bf8 mshidkmdf - ok
12:31:14.0971 0x1bf8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:31:14.0971 0x1bf8 msisadrv - ok
12:31:15.0002 0x1bf8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:31:15.0002 0x1bf8 MSiSCSI - ok
12:31:15.0017 0x1bf8 msiserver - ok
12:31:15.0049 0x1bf8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:31:15.0049 0x1bf8 MSKSSRV - ok
12:31:15.0064 0x1bf8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:31:15.0064 0x1bf8 MSPCLOCK - ok
12:31:15.0080 0x1bf8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:31:15.0080 0x1bf8 MSPQM - ok
12:31:15.0127 0x1bf8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:31:15.0142 0x1bf8 MsRPC - ok
12:31:15.0189 0x1bf8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:31:15.0205 0x1bf8 mssmbios - ok
12:31:15.0220 0x1bf8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:31:15.0236 0x1bf8 MSTEE - ok
12:31:15.0251 0x1bf8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:31:15.0251 0x1bf8 MTConfig - ok
12:31:15.0267 0x1bf8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
12:31:15.0283 0x1bf8 Mup - ok
12:31:15.0329 0x1bf8 [ A9BC2302FBDF52C8AF4E2FC966288D21, 4CBDCDCC2BA8133BDC0BA1A1EB47FB9241CAACF93544BAD37175417DA9E616D6 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:31:15.0361 0x1bf8 MyWiFiDHCPDNS - ok
12:31:15.0407 0x1bf8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
12:31:15.0439 0x1bf8 napagent - ok
12:31:15.0501 0x1bf8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:31:15.0532 0x1bf8 NativeWifiP - ok
12:31:15.0610 0x1bf8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
12:31:15.0657 0x1bf8 NDIS - ok
12:31:15.0673 0x1bf8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:31:15.0673 0x1bf8 NdisCap - ok
12:31:15.0704 0x1bf8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:31:15.0704 0x1bf8 NdisTapi - ok
12:31:15.0735 0x1bf8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:31:15.0735 0x1bf8 Ndisuio - ok
12:31:15.0782 0x1bf8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:31:15.0797 0x1bf8 NdisWan - ok
12:31:15.0844 0x1bf8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:31:15.0844 0x1bf8 NDProxy - ok
12:31:15.0875 0x1bf8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:31:15.0875 0x1bf8 NetBIOS - ok
12:31:15.0938 0x1bf8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:31:15.0953 0x1bf8 NetBT - ok
12:31:16.0000 0x1bf8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
12:31:16.0000 0x1bf8 Netlogon - ok
12:31:16.0047 0x1bf8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
12:31:16.0063 0x1bf8 Netman - ok
12:31:16.0156 0x1bf8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0172 0x1bf8 NetMsmqActivator - ok
12:31:16.0172 0x1bf8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0187 0x1bf8 NetPipeActivator - ok
12:31:16.0203 0x1bf8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
12:31:16.0219 0x1bf8 netprofm - ok
12:31:16.0250 0x1bf8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0265 0x1bf8 NetTcpActivator - ok
12:31:16.0265 0x1bf8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:31:16.0265 0x1bf8 NetTcpPortSharing - ok
12:31:16.0562 0x1bf8 [ 24F64343F14A119308456E1CA7507B26, E9219B173426E872977C3D615552B066C697A31D003AE3F0012BF1C6FFCEFF51 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
12:31:16.0843 0x1bf8 NETw5s64 - ok
12:31:17.0092 0x1bf8 [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
12:31:17.0279 0x1bf8 netw5v64 - ok
12:31:17.0326 0x1bf8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:31:17.0326 0x1bf8 nfrd960 - ok
12:31:17.0373 0x1bf8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:31:17.0373 0x1bf8 NlaSvc - ok
12:31:17.0389 0x1bf8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:31:17.0389 0x1bf8 Npfs - ok
12:31:17.0420 0x1bf8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
12:31:17.0420 0x1bf8 nsi - ok
12:31:17.0435 0x1bf8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:31:17.0435 0x1bf8 nsiproxy - ok
12:31:17.0545 0x1bf8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:31:17.0623 0x1bf8 Ntfs - ok
12:31:17.0654 0x1bf8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
12:31:17.0654 0x1bf8 Null - ok
12:31:17.0685 0x1bf8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:31:17.0701 0x1bf8 nvraid - ok
12:31:17.0732 0x1bf8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:31:17.0732 0x1bf8 nvstor - ok
12:31:17.0763 0x1bf8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:31:17.0763 0x1bf8 nv_agp - ok
12:31:17.0872 0x1bf8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:31:17.0919 0x1bf8 odserv - ok
12:31:17.0950 0x1bf8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:31:17.0950 0x1bf8 ohci1394 - ok
12:31:18.0013 0x1bf8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:31:18.0013 0x1bf8 ose - ok
12:31:18.0091 0x1bf8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:31:18.0122 0x1bf8 p2pimsvc - ok
12:31:18.0153 0x1bf8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
12:31:18.0184 0x1bf8 p2psvc - ok
12:31:18.0215 0x1bf8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:31:18.0231 0x1bf8 Parport - ok
12:31:18.0262 0x1bf8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:31:18.0262 0x1bf8 partmgr - ok
12:31:18.0293 0x1bf8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
12:31:18.0309 0x1bf8 PcaSvc - ok
12:31:18.0387 0x1bf8 [ 7317A0B550F7AC0223B7070897670476, ABB0A1296BA267467C16CF99383EFCAB1732B07EE5B2494197A26B8432DD0A94 ] PCDSRVC{127174DC-C366ED8B-06020101}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
12:31:18.0403 0x1bf8 PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok
12:31:18.0434 0x1bf8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
12:31:18.0465 0x1bf8 pci - ok
12:31:18.0496 0x1bf8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
12:31:18.0496 0x1bf8 pciide - ok
12:31:18.0527 0x1bf8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:31:18.0559 0x1bf8 pcmcia - ok
12:31:18.0574 0x1bf8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
12:31:18.0574 0x1bf8 pcw - ok
12:31:18.0605 0x1bf8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:31:18.0637 0x1bf8 PEAUTH - ok
12:31:18.0761 0x1bf8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:31:18.0761 0x1bf8 PerfHost - ok
12:31:18.0855 0x1bf8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
12:31:18.0917 0x1bf8 pla - ok
12:31:18.0964 0x1bf8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:31:18.0980 0x1bf8 PlugPlay - ok
12:31:19.0011 0x1bf8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:31:19.0011 0x1bf8 PNRPAutoReg - ok
12:31:19.0027 0x1bf8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:31:19.0042 0x1bf8 PNRPsvc - ok
12:31:19.0058 0x1bf8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:31:19.0073 0x1bf8 PolicyAgent - ok
12:31:19.0120 0x1bf8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
12:31:19.0120 0x1bf8 Power - ok
12:31:19.0167 0x1bf8 [ BAC02775CF629E5FE80BEA952F4448EF, 0A09F11AF44C4F14A6DF0184B3DC6252A5804E8560E1554C0F3C94EB900E6E47 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
12:31:19.0183 0x1bf8 Power Manager DBC Service - ok
12:31:19.0229 0x1bf8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:31:19.0229 0x1bf8 PptpMiniport - ok
12:31:19.0261 0x1bf8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:31:19.0261 0x1bf8 Processor - ok
12:31:19.0292 0x1bf8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
12:31:19.0323 0x1bf8 ProfSvc - ok
12:31:19.0339 0x1bf8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:31:19.0339 0x1bf8 ProtectedStorage - ok
12:31:19.0354 0x1bf8 [ 515A7C5A0886FCC60901916785EFD549, B9B7C39CDBFC3860752C305433EADBC594AC2EEC66818E91F4AA779915A3A21C ] psadd C:\Windows\system32\DRIVERS\psadd.sys
12:31:19.0354 0x1bf8 psadd - ok
12:31:19.0401 0x1bf8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:31:19.0401 0x1bf8 Psched - ok
12:31:19.0495 0x1bf8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:31:19.0619 0x1bf8 ql2300 - ok
12:31:19.0635 0x1bf8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:31:19.0651 0x1bf8 ql40xx - ok
12:31:19.0666 0x1bf8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
12:31:19.0682 0x1bf8 QWAVE - ok
12:31:19.0697 0x1bf8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:31:19.0697 0x1bf8 QWAVEdrv - ok
12:31:19.0713 0x1bf8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:31:19.0713 0x1bf8 RasAcd - ok
12:31:19.0744 0x1bf8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:31:19.0744 0x1bf8 RasAgileVpn - ok
12:31:19.0760 0x1bf8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
12:31:19.0760 0x1bf8 RasAuto - ok
12:31:19.0791 0x1bf8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:31:19.0807 0x1bf8 Rasl2tp - ok
12:31:19.0853 0x1bf8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
12:31:19.0869 0x1bf8 RasMan - ok
12:31:19.0916 0x1bf8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:31:19.0916 0x1bf8 RasPppoe - ok
12:31:19.0994 0x1bf8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:31:19.0994 0x1bf8 RasSstp - ok
12:31:20.0041 0x1bf8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss


Part 2 coming next
 
TDSSKILLER log, part 2

C:\Windows\system32\DRIVERS\rassstp.sys
12:31:19.0994 0x1bf8 RasSstp - ok
12:31:20.0041 0x1bf8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:31:20.0072 0x1bf8 rdbss - ok
12:31:20.0087 0x1bf8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:31:20.0087 0x1bf8 rdpbus - ok
12:31:20.0103 0x1bf8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:31:20.0103 0x1bf8 RDPCDD - ok
12:31:20.0134 0x1bf8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:31:20.0134 0x1bf8 RDPENCDD - ok
12:31:20.0150 0x1bf8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:31:20.0150 0x1bf8 RDPREFMP - ok
12:31:20.0181 0x1bf8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:31:20.0212 0x1bf8 RDPWD - ok
12:31:20.0259 0x1bf8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:31:20.0275 0x1bf8 rdyboost - ok
12:31:20.0384 0x1bf8 [ 0AA473966357C4A41B5EB19649EB6E5E, D4F1EADDECE41481332CBF03B8CAB4AC6AB048834DF013DB30757E7941F306FE ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:31:20.0415 0x1bf8 RegSrvc - ok
12:31:20.0431 0x1bf8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:31:20.0446 0x1bf8 RemoteAccess - ok
12:31:20.0462 0x1bf8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:31:20.0477 0x1bf8 RemoteRegistry - ok
12:31:20.0509 0x1bf8 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:31:20.0509 0x1bf8 RFCOMM - ok
12:31:20.0524 0x1bf8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:31:20.0524 0x1bf8 RpcEptMapper - ok
12:31:20.0555 0x1bf8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
12:31:20.0555 0x1bf8 RpcLocator - ok
12:31:20.0602 0x1bf8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
12:31:20.0602 0x1bf8 RpcSs - ok
12:31:20.0633 0x1bf8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:31:20.0649 0x1bf8 rspndr - ok
12:31:20.0680 0x1bf8 [ 3CEEE53BBF8BA284FF44585CEC0162FE, 5725A47BE8B7A9116983895FCB82CB2808B7B9C57BC285F3DFD7352E72DBC1FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
12:31:20.0680 0x1bf8 RSUSBSTOR - ok
12:31:20.0711 0x1bf8 [ 24452CCCC3808B5AB0341A384BB72200, 11FFDB0219127AB6F84E2391DEADBDC07163A1A44A8443D1A938117D95B6C92C ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
12:31:20.0727 0x1bf8 RtkAudioService - ok
12:31:20.0758 0x1bf8 [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:31:20.0789 0x1bf8 RTL8167 - ok
12:31:20.0914 0x1bf8 [ 4E548FC2C427455836B37A7C7D9923DB, BFE1D795BD2162EA8E88D42D1BB4DCAD90B3B9C1FA3A28A31F0D1659AA8F732C ] SacNetAgentService_C57C4F854F53 C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
12:31:20.0930 0x1bf8 SacNetAgentService_C57C4F854F53 - ok
12:31:20.0945 0x1bf8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
12:31:20.0945 0x1bf8 SamSs - ok
12:31:21.0008 0x1bf8 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:31:21.0008 0x1bf8 SASDIFSV - ok
12:31:21.0039 0x1bf8 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:31:21.0039 0x1bf8 SASKUTIL - ok
12:31:21.0070 0x1bf8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:31:21.0086 0x1bf8 sbp2port - ok
12:31:21.0101 0x1bf8 SBRE - ok
12:31:21.0133 0x1bf8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:31:21.0148 0x1bf8 SCardSvr - ok
12:31:21.0195 0x1bf8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:31:21.0195 0x1bf8 scfilter - ok
12:31:21.0273 0x1bf8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
12:31:21.0320 0x1bf8 Schedule - ok
12:31:21.0367 0x1bf8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:31:21.0367 0x1bf8 SCPolicySvc - ok
12:31:21.0413 0x1bf8 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
12:31:21.0429 0x1bf8 sdbus - ok
12:31:21.0476 0x1bf8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:31:21.0491 0x1bf8 SDRSVC - ok
12:31:21.0523 0x1bf8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:31:21.0523 0x1bf8 secdrv - ok
12:31:21.0554 0x1bf8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
12:31:21.0569 0x1bf8 seclogon - ok
12:31:21.0585 0x1bf8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
12:31:21.0601 0x1bf8 SENS - ok
12:31:21.0616 0x1bf8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:31:21.0616 0x1bf8 SensrSvc - ok
12:31:21.0647 0x1bf8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:31:21.0647 0x1bf8 Serenum - ok
12:31:21.0679 0x1bf8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:31:21.0679 0x1bf8 Serial - ok
12:31:21.0741 0x1bf8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:31:21.0741 0x1bf8 sermouse - ok
12:31:21.0788 0x1bf8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
12:31:21.0803 0x1bf8 SessionEnv - ok
12:31:21.0850 0x1bf8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:31:21.0850 0x1bf8 sffdisk - ok
12:31:21.0866 0x1bf8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:31:21.0866 0x1bf8 sffp_mmc - ok
12:31:21.0881 0x1bf8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:31:21.0881 0x1bf8 sffp_sd - ok
12:31:21.0897 0x1bf8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:31:21.0897 0x1bf8 sfloppy - ok
12:31:21.0944 0x1bf8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:31:22.0006 0x1bf8 SharedAccess - ok
12:31:22.0053 0x1bf8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:31:22.0084 0x1bf8 ShellHWDetection - ok
12:31:22.0162 0x1bf8 [ C45942985943FC4AB8A7EA7A92F29C00, C1E2FCA82A78BA59E014ED257C7FBA034C60B947242C363A910EBA0B67AA1B30 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
12:31:22.0178 0x1bf8 Shockprf - ok
12:31:22.0209 0x1bf8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:31:22.0209 0x1bf8 SiSRaid2 - ok
12:31:22.0225 0x1bf8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:31:22.0225 0x1bf8 SiSRaid4 - ok
12:31:22.0256 0x1bf8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:31:22.0271 0x1bf8 Smb - ok
12:31:22.0287 0x1bf8 [ C5B1A19B14F19B08AE72FCB20A3075B6, FD920DC51638A2C52C51827CC14264FA7B945417A486DE439E516FA2BD6D51DA ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
12:31:22.0287 0x1bf8 smihlp - ok
12:31:22.0334 0x1bf8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:31:22.0334 0x1bf8 SNMPTRAP - ok
12:31:22.0349 0x1bf8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
12:31:22.0349 0x1bf8 spldr - ok
12:31:22.0396 0x1bf8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
12:31:22.0427 0x1bf8 Spooler - ok
12:31:22.0474 0x1bf8 SPPD - ok
12:31:22.0630 0x1bf8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
12:31:22.0755 0x1bf8 sppsvc - ok
12:31:22.0786 0x1bf8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:31:22.0786 0x1bf8 sppuinotify - ok
12:31:22.0817 0x1bf8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:31:22.0849 0x1bf8 srv - ok
12:31:22.0880 0x1bf8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:31:22.0911 0x1bf8 srv2 - ok
12:31:22.0942 0x1bf8 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:31:22.0958 0x1bf8 SrvHsfHDA - ok
12:31:23.0020 0x1bf8 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:31:23.0067 0x1bf8 SrvHsfV92 - ok
12:31:23.0114 0x1bf8 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:31:23.0145 0x1bf8 SrvHsfWinac - ok
12:31:23.0176 0x1bf8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:31:23.0176 0x1bf8 srvnet - ok
12:31:23.0207 0x1bf8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:31:23.0207 0x1bf8 SSDPSRV - ok
12:31:23.0223 0x1bf8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:31:23.0239 0x1bf8 SstpSvc - ok
12:31:23.0254 0x1bf8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:31:23.0254 0x1bf8 stexstor - ok
12:31:23.0317 0x1bf8 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys
12:31:23.0317 0x1bf8 StillCam - ok
12:31:23.0395 0x1bf8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
12:31:23.0426 0x1bf8 stisvc - ok
12:31:23.0488 0x1bf8 [ 7F7958C5B40F9441D1E8D704310D46FF, A6A04DE0C76BD65A2A9105BCBBA46C35D4CD973C15087E2761ABA5218C59A1F8 ] SUService c:\Program Files (x86)\Lenovo\System Update\SUService.exe
12:31:23.0488 0x1bf8 SUService - ok
12:31:23.0519 0x1bf8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
12:31:23.0519 0x1bf8 swenum - ok
12:31:23.0566 0x1bf8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
12:31:23.0629 0x1bf8 swprv - ok
12:31:23.0707 0x1bf8 [ AEAE48AF681BAF5904608FF5D84E3C9C, 39B362E9E64A43B9AF5CCE2E704CCAE5E10B5BA0B45E535098BC0E40A4F772A8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:31:23.0738 0x1bf8 SynTP - ok
12:31:23.0847 0x1bf8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
12:31:23.0909 0x1bf8 SysMain - ok
12:31:23.0941 0x1bf8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:31:23.0941 0x1bf8 TabletInputService - ok
12:31:23.0987 0x1bf8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
12:31:24.0019 0x1bf8 TapiSrv - ok
12:31:24.0034 0x1bf8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
12:31:24.0034 0x1bf8 TBS - ok
12:31:24.0159 0x1bf8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:31:24.0221 0x1bf8 Tcpip - ok
12:31:24.0299 0x1bf8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:31:24.0331 0x1bf8 TCPIP6 - ok
12:31:24.0362 0x1bf8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:31:24.0362 0x1bf8 tcpipreg - ok
12:31:24.0393 0x1bf8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:31:24.0393 0x1bf8 TDPIPE - ok
12:31:24.0424 0x1bf8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:31:24.0424 0x1bf8 TDTCP - ok
12:31:24.0455 0x1bf8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:31:24.0471 0x1bf8 tdx - ok
12:31:24.0518 0x1bf8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
12:31:24.0518 0x1bf8 TermDD - ok
12:31:24.0611 0x1bf8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
12:31:24.0689 0x1bf8 TermService - ok
12:31:24.0705 0x1bf8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
12:31:24.0705 0x1bf8 Themes - ok
12:31:24.0736 0x1bf8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
12:31:24.0736 0x1bf8 THREADORDER - ok
12:31:24.0767 0x1bf8 [ 6DB3FAE611554DC373E266ED50111B1C, CAE806DC0076B0ACD0020F2D20333C9D50CFE4E1EF32576D413BB2067C8AD206 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
12:31:24.0783 0x1bf8 TPDIGIMN - ok
12:31:24.0799 0x1bf8 [ 47D2009FDC682833EE03B6DCBA23FDD2, 39236BECB9AAFC2055E1706EE35CE506E4A72A284DACBC3D2C3A990BB4510389 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
12:31:24.0799 0x1bf8 TPHDEXLGSVC - ok
12:31:24.0845 0x1bf8 [ 2CF225E19490F499528B926263FE4554, 4913A6A729603C89A120FA20F87A06FC1A6005691D39696AB736CDC64180762C ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
12:31:24.0861 0x1bf8 TPHKSVC - ok
12:31:24.0892 0x1bf8 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
12:31:24.0892 0x1bf8 TPM - ok
12:31:24.0923 0x1bf8 [ 2C067E01D6BBCCC88B233B868E210907, F3BA21931BA25A773112CFB6EAD43CDF6EA3E7EA797BA1FFA99B5F1889DE6C7E ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
12:31:24.0939 0x1bf8 TPPWRIF - ok
12:31:24.0970 0x1bf8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
12:31:24.0970 0x1bf8 TrkWks - ok
12:31:25.0048 0x1bf8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:31:25.0048 0x1bf8 TrustedInstaller - ok
12:31:25.0095 0x1bf8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:31:25.0095 0x1bf8 tssecsrv - ok
12:31:25.0126 0x1bf8 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:31:25.0126 0x1bf8 TsUsbFlt - ok
12:31:25.0189 0x1bf8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:31:25.0189 0x1bf8 tunnel - ok
12:31:25.0235 0x1bf8 [ 53FF5F00EAB07E329ABE48AE3DE4F5D7, CAA2385DCD65009E4AC4328675FBE7F6B8078FDE42F3369D70E2A37AE1827B90 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
12:31:25.0235 0x1bf8 TurboB - ok
12:31:25.0267 0x1bf8 [ B670DF651F00194434ADC6B326743709, 8074B79F7928236338C0BC3F15363E4110A07CF5965621673CB6516BBB734E7D ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
12:31:25.0282 0x1bf8 TurboBoost - ok
12:31:25.0313 0x1bf8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:31:25.0313 0x1bf8 uagp35 - ok
12:31:25.0345 0x1bf8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:31:25.0376 0x1bf8 udfs - ok
12:31:25.0407 0x1bf8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:31:25.0407 0x1bf8 UI0Detect - ok
12:31:25.0469 0x1bf8 [ BE788A747457E6916586C410EC0111E7, 525F9065270AF40FED854C5B3C7E690783F5169C2F9286EE225F6C817ED1E237 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:31:25.0469 0x1bf8 UleadBurningHelper - ok
12:31:25.0516 0x1bf8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:31:25.0516 0x1bf8 uliagpkx - ok
12:31:25.0563 0x1bf8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
12:31:25.0563 0x1bf8 umbus - ok
12:31:25.0579 0x1bf8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:31:25.0579 0x1bf8 UmPass - ok
12:31:25.0719 0x1bf8 [ 9E89C2D6945389270DE067CE51FF7425, C6FD14DF4FE967760F3127D6CF663CC0FB40C91D966AC17A571DD4E659498506 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:31:25.0813 0x1bf8 UNS - ok
12:31:25.0875 0x1bf8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
12:31:25.0906 0x1bf8 upnphost - ok
12:31:25.0953 0x1bf8 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:31:25.0953 0x1bf8 usbaudio - ok
12:31:25.0984 0x1bf8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:31:25.0984 0x1bf8 usbccgp - ok
12:31:26.0031 0x1bf8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:31:26.0031 0x1bf8 usbcir - ok
12:31:26.0062 0x1bf8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:31:26.0062 0x1bf8 usbehci - ok
12:31:26.0125 0x1bf8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:31:26.0140 0x1bf8 usbhub - ok
12:31:26.0171 0x1bf8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:31:26.0171 0x1bf8 usbohci - ok
12:31:26.0203 0x1bf8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:31:26.0218 0x1bf8 usbprint - ok
12:31:26.0265 0x1bf8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
12:31:26.0265 0x1bf8 usbscan - ok
12:31:26.0296 0x1bf8 [ 63FE600D71D72EB960FF01B0F0E5D837, FCA73ABE2998B97BD3050C2FF8E49B9ECF5411BE4F63E8467ECB22184EA59860 ] usbsmi C:\Windows\system32\DRIVERS\SMIksdrv.sys
12:31:26.0312 0x1bf8 usbsmi - ok
12:31:26.0374 0x1bf8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:31:26.0390 0x1bf8 USBSTOR - ok
12:31:26.0437 0x1bf8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:31:26.0437 0x1bf8 usbuhci - ok
12:31:26.0499 0x1bf8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:31:26.0515 0x1bf8 usbvideo - ok
12:31:26.0546 0x1bf8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
12:31:26.0546 0x1bf8 UxSms - ok
12:31:26.0561 0x1bf8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
12:31:26.0561 0x1bf8 VaultSvc - ok
12:31:26.0577 0x1bf8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:31:26.0593 0x1bf8 vdrvroot - ok
12:31:26.0639 0x1bf8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
12:31:26.0671 0x1bf8 vds - ok
12:31:26.0702 0x1bf8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:31:26.0702 0x1bf8 vga - ok
12:31:26.0733 0x1bf8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:31:26.0733 0x1bf8 VgaSave - ok
12:31:26.0764 0x1bf8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:31:26.0764 0x1bf8 vhdmp - ok
12:31:26.0811 0x1bf8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
12:31:26.0811 0x1bf8 viaide - ok
12:31:26.0842 0x1bf8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:31:26.0858 0x1bf8 volmgr - ok
12:31:26.0920 0x1bf8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:31:26.0951 0x1bf8 volmgrx - ok
12:31:26.0983 0x1bf8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:31:27.0014 0x1bf8 volsnap - ok
12:31:27.0061 0x1bf8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:31:27.0061 0x1bf8 vsmraid - ok
12:31:27.0170 0x1bf8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
12:31:27.0232 0x1bf8 VSS - ok
12:31:27.0248 0x1bf8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:31:27.0248 0x1bf8 vwifibus - ok
12:31:27.0263 0x1bf8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:31:27.0263 0x1bf8 vwififlt - ok
12:31:27.0295 0x1bf8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:31:27.0295 0x1bf8 vwifimp - ok
12:31:27.0326 0x1bf8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
12:31:27.0341 0x1bf8 W32Time - ok
12:31:27.0357 0x1bf8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:31:27.0373 0x1bf8 WacomPen - ok
12:31:27.0419 0x1bf8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:31:27.0419 0x1bf8 WANARP - ok
12:31:27.0435 0x1bf8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:31:27.0435 0x1bf8 Wanarpv6 - ok
12:31:27.0529 0x1bf8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:31:27.0591 0x1bf8 WatAdminSvc - ok
12:31:27.0685 0x1bf8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
12:31:27.0763 0x1bf8 wbengine - ok
12:31:27.0809 0x1bf8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:31:27.0825 0x1bf8 WbioSrvc - ok
12:31:27.0872 0x1bf8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:31:27.0903 0x1bf8 wcncsvc - ok
12:31:27.0919 0x1bf8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:31:27.0919 0x1bf8 WcsPlugInService - ok
12:31:27.0950 0x1bf8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:31:27.0950 0x1bf8 Wd - ok
12:31:28.0012 0x1bf8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:31:28.0059 0x1bf8 Wdf01000 - ok
12:31:28.0090 0x1bf8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:31:28.0090 0x1bf8 WdiServiceHost - ok
12:31:28.0090 0x1bf8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:31:28.0090 0x1bf8 WdiSystemHost - ok
12:31:28.0137 0x1bf8 [ 5B34E5938B9E76798977725E3F7847C4, FE9DBBF82478AA04E7EA1C131B931997F2663E79E87D86B59803B8C16B8C3341 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
12:31:28.0137 0x1bf8 wdkmd - ok
12:31:28.0184 0x1bf8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
12:31:28.0199 0x1bf8 WebClient - ok
12:31:28.0231 0x1bf8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:31:28.0262 0x1bf8 Wecsvc - ok
12:31:28.0277 0x1bf8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:31:28.0293 0x1bf8 wercplsupport - ok
12:31:28.0309 0x1bf8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
12:31:28.0324 0x1bf8 WerSvc - ok
12:31:28.0355 0x1bf8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:31:28.0355 0x1bf8 WfpLwf - ok
12:31:28.0371 0x1bf8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:31:28.0387 0x1bf8 WIMMount - ok
12:31:28.0402 0x1bf8 WinDefend - ok
12:31:28.0433 0x1bf8 WinHttpAutoProxySvc - ok
12:31:28.0496 0x1bf8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:31:28.0527 0x1bf8 Winmgmt - ok
12:31:28.0652 0x1bf8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
12:31:28.0714 0x1bf8 WinRM - ok
12:31:28.0777 0x1bf8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
12:31:28.0777 0x1bf8 WinUsb - ok
12:31:28.0823 0x1bf8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:31:28.0870 0x1bf8 Wlansvc - ok
12:31:28.0933 0x1bf8 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:31:28.0933 0x1bf8 wlcrasvc - ok
12:31:29.0120 0x1bf8 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:31:29.0213 0x1bf8 wlidsvc - ok
12:31:29.0260 0x1bf8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:31:29.0260 0x1bf8 WmiAcpi - ok
12:31:29.0291 0x1bf8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:31:29.0291 0x1bf8 wmiApSrv - ok
12:31:29.0323 0x1bf8 WMPNetworkSvc - ok
12:31:29.0354 0x1bf8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:31:29.0354 0x1bf8 WPCSvc - ok
12:31:29.0401 0x1bf8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:31:29.0401 0x1bf8 WPDBusEnum - ok
12:31:29.0447 0x1bf8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:31:29.0447 0x1bf8 ws2ifsl - ok
12:31:29.0479 0x1bf8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
12:31:29.0479 0x1bf8 wscsvc - ok
12:31:29.0541 0x1bf8 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:31:29.0541 0x1bf8 WSDPrintDevice - ok
12:31:29.0557 0x1bf8 WSearch - ok
12:31:29.0697 0x1bf8 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
12:31:29.0791 0x1bf8 wuauserv - ok
12:31:29.0806 0x1bf8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:31:29.0822 0x1bf8 WudfPf - ok
12:31:29.0837 0x1bf8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:31:29.0837 0x1bf8 WUDFRd - ok
12:31:29.0853 0x1bf8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:31:29.0853 0x1bf8 wudfsvc - ok
12:31:29.0884 0x1bf8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
12:31:29.0900 0x1bf8 WwanSvc - ok
12:31:29.0915 0x1bf8 ================ Scan global ===============================
12:31:29.0947 0x1bf8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:31:29.0978 0x1bf8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:31:30.0009 0x1bf8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:31:30.0025 0x1bf8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:31:30.0071 0x1bf8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:31:30.0087 0x1bf8 [ Global ] - ok
12:31:30.0087 0x1bf8 ================ Scan MBR ==================================
12:31:30.0103 0x1bf8 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:31:30.0680 0x1bf8 \Device\Harddisk0\DR0 - ok
12:31:30.0680 0x1bf8 ================ Scan VBR ==================================
12:31:30.0680 0x1bf8 [ E458A4657BA829A6DCE5C4A2DF46726F ] \Device\Harddisk0\DR0\Partition1
12:31:30.0727 0x1bf8 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
12:31:30.0727 0x1bf8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
12:31:33.0644 0x1bf8 [ 9C50DDF090E5A766E5A19BDAE729C548 ] \Device\Harddisk0\DR0\Partition2
12:31:33.0659 0x1bf8 \Device\Harddisk0\DR0\Partition2 - ok
12:31:33.0675 0x1bf8 [ AA1EC284CD0D89D4E6A87A95A3438C2C ] \Device\Harddisk0\DR0\Partition3
12:31:33.0691 0x1bf8 \Device\Harddisk0\DR0\Partition3 - ok
12:31:33.0691 0x1bf8 ================ Scan generic autorun ======================
12:31:34.0065 0x1bf8 [ 21DABCD4A7AF0F0F33CB6DD5BE640391, 78BC3FECCF6AF82B7D4CF3F385F81C55B8DB7042EB2257301624036827281973 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
12:31:34.0408 0x1bf8 RtHDVCpl - ok
12:31:34.0580 0x1bf8 [ F2C49A7AA03FC231BE87A65E50D0B6F6, 549A188E8F1E2CA1E4A82EC4F5D7B45C24BAB2B1177EA848183D72F97E198E38 ] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
12:31:34.0642 0x1bf8 IntelWireless - ok
12:31:34.0658 0x1bf8 [ 2C7FF3931FD2AF0DCD6CC6890F3A646D, 0E2A2A3F374E08875E555356AA8BB80D38A580E9E79A831886E6B6BB6C7815C9 ] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
12:31:34.0673 0x1bf8 TPHOTKEY - ok
12:31:34.0689 0x1bf8 [ 4EAB67E885087BDB2B247CD2E290CC22, D10092DCDBE1BB36D5777BD240129F788C58D5D6A92F45E9A5AD7A5FAF37A422 ] C:\Windows\system32\TpShocks.exe
12:31:34.0705 0x1bf8 TpShocks - ok
12:31:34.0767 0x1bf8 [ 914D0CE4733662B477E41478081A26EF, 4E7FD4720226BD2F240EEBB95399D7608FE9FC45D28A8D842D7B1BC45F3DE312 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
12:31:34.0767 0x1bf8 LENOVO.TPKNRRES - ok
12:31:34.0783 0x1bf8 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
12:31:34.0798 0x1bf8 Logitech Download Assistant - ok
12:31:34.0829 0x1bf8 [ 810A5F70CEB063CEC85360394BEC2C56, FCC289B23B2347AD7C34B48E6EFB1914B5ED8D9DD397B0816D94747B168DFD64 ] C:\Windows\system32\igfxtray.exe
12:31:34.0829 0x1bf8 IgfxTray - ok
12:31:34.0861 0x1bf8 [ 2FE8F6A30802B69A3F501607F346DEEA, CD603DB6055861E9EAD397234120FBE0D3CACEFADB0D6001099CF0DA9DF1CC34 ] C:\Windows\system32\hkcmd.exe
12:31:34.0876 0x1bf8 HotKeysCmds - ok
12:31:34.0923 0x1bf8 [ CA1941B93BA45B7EA4D7D9F451B25C84, B0648762862931CB12004C92CD7A7EF8E3B1C14DD33C980A490D8AA56F7AA723 ] C:\Windows\system32\igfxpers.exe
12:31:34.0939 0x1bf8 Persistence - ok
12:31:34.0939 0x1bf8 PWMTRV - ok
12:31:35.0095 0x1bf8 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:31:35.0126 0x1bf8 Adobe ARM - ok
12:31:35.0173 0x1bf8 [ 3AE689BED298F7A53976C814806FC170, 5D5A1D3C4D9BD401FFC21099E345A9F70470C15B849BDCF19E7ED9DD792D9C11 ] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
12:31:35.0188 0x1bf8 ScanSnap WIA Service Checker - ok
12:31:35.0251 0x1bf8 [ 61ABC99B227B357F6569202C34879A36, 29148D22FDCA3FFE6F92196A7449F4C852AECEDA465334EF591ACBBA26EA4DDE ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
12:31:35.0251 0x1bf8 Adobe Acrobat Speed Launcher - ok
12:31:35.0297 0x1bf8 [ 363C8F7EB51B14957CA84CD3751C1749, C16998825E70BF9B4EF9D5C322C1158BED03D6E300AC35D814E9A52DBE5ED109 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
12:31:35.0329 0x1bf8 Acrobat Assistant 8.0 - ok
12:31:35.0391 0x1bf8 [ 63EDEA2B838555296B9A1C3289B5B6B7, 6FA89FED7AAAB242898050D69F41C1F42C858ECDBCD6922F156424B5FF71C17C ] C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe
12:31:35.0422 0x1bf8 SacReminderHDDV2N - ok
12:31:35.0656 0x1bf8 [ 4BC008AE9C231723C6C71CD1BB712753, 7EA70360940811BCC3664759E3AF1CF8B24AFEEFC4B86985E9A9136866F12787 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
12:31:35.0890 0x1bf8 SUPERAntiSpyware - ok
12:31:35.0890 0x1bf8 Waiting for KSN requests completion. In queue: 90
12:31:36.0904 0x1bf8 Waiting for KSN requests completion. In queue: 15
12:31:37.0918 0x1bf8 Waiting for KSN requests completion. In queue: 15
12:31:38.0932 0x1bf8 Waiting for KSN requests completion. In queue: 15
12:31:40.0024 0x1bf8 Win FW state via NFP2: enabled
12:31:42.0895 0x1bf8 ============================================================
12:31:42.0895 0x1bf8 Scan finished
12:31:42.0895 0x1bf8 ============================================================
12:31:42.0895 0x1db8 Detected object count: 1
12:31:42.0895 0x1db8 Actual detected object count: 1
12:32:07.0356 0x1db8 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
12:32:07.0387 0x1db8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
12:32:07.0402 0x1db8 \Device\Harddisk0\DR0\Partition1 - ok
12:32:07.0402 0x1db8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
12:32:08.0557 0x1db8 KLMD registered as C:\Windows\system32\drivers\89696450.sys
12:32:15.0780 0x0e60 Deinitialize success


Next?
 
TDSSKiller found and removed a bad rootkit, be sure to reboot your computer to have TDSSkiller remove it


Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)

Start
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version: - ) <==== ATTENTION
Reboot:
End
Click to expand...

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Then run a new scan with FRST , besure to check Additions and post both logs please and also let me know how your system is behaving now
 
Fixlog.txt, FrST.txt - Additions will follow

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014
Ran by admin at 2014-07-20 14:24:36 Run:2
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version: - ) <==== ATTENTION
Reboot:
End
*****************

SPPD => Service deleted successfully.
PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by admin (administrator) on ADMIN-THINK on 20-07-2014 14:27:56
Running from C:\Users\admin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\UACProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Storage Appliance Corporation) C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Storage Appliance Corp.) C:\ProgramData\OfficeGuardianV2N\Reminder\SacReminder.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => TpShocks.exe
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3773765143-1762522670-3504364941-1000\...\Run: [SacReminderHDDV2N] => C:\ProgramData\OfficeGuardianV2N\reminder\SacReminder.exe [862032 2010-11-18] (Storage Appliance Corp.)
HKU\S-1-5-21-3773765143-1762522670-3504364941-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {457AF9A6-E74D-46E0-8D50-2618AD74994C} URL =
SearchScopes: HKCU - {2B6C10C8-5EC9-4107-BA39-7E45AEF4A2E0} URL =
SearchScopes: HKCU - {3707A5F0-5A75-4210-92B3-C15DB38BB05F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {457AF9A6-E74D-46E0-8D50-2618AD74994C} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l4htek0o.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: RivalGaming - C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-07-20]
FF Extension: VideoDownloadConverter - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l4htek0o.default\Extensions\4zffxtbr-bs@VideoDownloadConverter_4z.com [2014-05-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-03-06]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 CFUACProxy_officeguardianv2n; C:\ProgramData\OfficeGuardianV2N\UACProxy.exe [83792 2010-11-18] (Storage Appliance Corp.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SacNetAgentService_C57C4F854F53; C:\ProgramData\OfficeGuardianV2N\Reminder\SacNetAgent.exe [163664 2010-11-18] (Storage Appliance Corporation)
R2 SUService; c:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-03-15] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 12:32 - 2014-07-20 12:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-20 12:28 - 2014-07-20 12:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\admin\Desktop\TDSSKiller.exe
2014-07-20 12:27 - 2014-07-20 12:27 - 00000000 ____D () C:\Users\admin\Desktop\tdsskiller
2014-07-20 12:11 - 2014-07-20 12:08 - 04161313 _____ () C:\Users\admin\Desktop\tdsskiller.zip
2014-07-20 12:07 - 2014-07-20 12:08 - 04161313 _____ () C:\Users\admin\Downloads\tdsskiller.zip
2014-07-20 10:10 - 2014-07-20 10:10 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieUserList
2014-07-20 10:10 - 2014-07-20 10:10 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieSiteList
2014-07-20 08:13 - 2014-07-20 08:13 - 01080320 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2014-07-15 20:20 - 2014-07-15 20:20 - 00000773 _____ () C:\Users\admin\Desktop\attach.zip
2014-07-14 21:37 - 2014-07-15 21:15 - 00009420 _____ () C:\Users\admin\Desktop\aswMBR.txt
2014-07-14 21:37 - 2014-07-15 21:15 - 00000512 _____ () C:\Users\admin\Desktop\MBR.dat
2014-07-14 20:30 - 2014-07-15 20:14 - 00001190 _____ () C:\Users\admin\Desktop\attach.txt
2014-07-14 20:27 - 2014-07-14 19:28 - 00688992 ____R (Swearware) C:\Users\admin\Desktop\dds.com
2014-07-14 20:26 - 2014-07-14 20:08 - 05185536 _____ (AVAST Software) C:\Users\admin\Desktop\aswMBR.exe
2014-07-14 20:08 - 2014-07-14 20:08 - 05185536 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe
2014-07-14 19:28 - 2014-07-14 19:28 - 00688992 _____ (Swearware) C:\Users\admin\Downloads\dds.com
2014-07-14 19:25 - 2014-07-14 19:25 - 00000956 _____ () C:\Users\admin\Desktop\ERUNT.lnk
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-14 19:22 - 2014-07-14 19:20 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Desktop\erunt-setup.exe
2014-07-14 19:20 - 2014-07-14 19:20 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Downloads\erunt-setup.exe
2014-07-13 13:10 - 2014-07-13 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 11:30 - 2014-07-02 01:29 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-13 11:30 - 2014-07-02 01:21 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-13 11:30 - 2014-07-02 01:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-13 11:30 - 2014-07-02 01:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-13 11:29 - 2014-07-13 11:30 - 00004158 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-13 10:32 - 2014-07-13 10:32 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-13 10:32 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-13 10:32 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-13 10:32 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-13 10:30 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-13 10:30 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-13 10:30 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-13 10:20 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-13 10:19 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-13 10:19 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-13 10:19 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-13 10:19 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 10:19 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 10:19 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-13 10:19 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 10:19 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 10:19 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-13 10:19 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-13 10:19 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-13 10:19 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 10:19 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-13 10:19 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 10:19 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 10:19 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-13 10:19 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-13 10:19 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-13 10:19 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-13 10:19 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 10:19 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-13 10:19 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-13 10:19 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-13 10:19 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 10:19 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 10:19 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 10:19 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-13 10:19 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-13 10:19 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-13 10:19 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-13 10:19 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-13 10:19 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 10:19 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-13 10:19 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-13 10:19 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-13 10:19 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 10:19 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-13 10:19 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-13 10:19 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-13 10:19 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-13 10:19 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-13 10:19 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-13 10:19 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-13 10:19 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-13 10:19 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 10:19 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-13 10:19 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-13 10:19 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 10:19 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-13 10:19 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-13 10:19 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-13 10:19 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-13 10:19 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 10:19 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-13 10:19 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-13 10:19 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-13 10:19 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-13 10:19 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-13 10:19 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-13 10:19 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 10:19 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 10:19 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-13 10:19 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 19:18 - 2014-07-12 19:49 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2014-07-12 19:18 - 2014-07-12 19:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 19:15 - 2014-07-12 19:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.07.0.1012.exe
2014-07-12 19:12 - 2014-07-12 19:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.07.0.1012.exe
2014-07-12 18:52 - 2014-07-12 18:53 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-12 15:09 - 2014-07-12 15:19 - 00000000 ____D () C:\ComboFix
2014-07-12 14:54 - 2014-07-12 14:52 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-07-12 14:53 - 2014-07-12 14:52 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-07-12 13:04 - 2014-07-20 08:16 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion
2014-07-12 12:56 - 2014-07-13 11:25 - 00004802 _____ () C:\Windows\PFRO.log
2014-07-11 22:52 - 2014-07-20 14:24 - 00264724 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 22:33 - 2014-07-20 14:25 - 00000560 _____ () C:\Windows\setupact.log
2014-07-11 22:33 - 2014-07-11 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 22:23 - 2014-07-11 22:23 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 22:42 - 2014-07-12 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-10 22:42 - 2014-07-12 18:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-10 21:52 - 2014-07-10 21:52 - 00000000 ____D () C:\SUPERDelete
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da46279b-4a98-420f-933d-ee03bb02b2b1.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c6675572-512e-43c2-b0cc-dfb9efd7f5e0.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2014-07-10 21:46 - 2014-07-10 22:07 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-10 21:46 - 2014-07-10 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-10 21:46 - 2014-07-10 21:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-10 21:46 - 2014-07-10 21:46 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-10 21:44 - 2014-07-10 21:40 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Desktop\ccsetup415.exe
2014-07-10 21:43 - 2014-07-10 21:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Desktop\spybot-2.4.exe
2014-07-10 21:43 - 2014-07-10 21:32 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Desktop\SUPERAntiSpyware.exe
2014-07-10 21:40 - 2014-07-10 21:40 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup415.exe
2014-07-10 21:38 - 2014-07-10 21:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Downloads\spybot-2.4.exe
2014-07-10 21:32 - 2014-07-10 21:32 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Downloads\SUPERAntiSpyware.exe
2014-07-10 21:15 - 2014-07-10 21:15 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill64.exe
2014-07-10 21:01 - 2014-07-10 21:21 - 00001420 _____ () C:\Users\admin\Desktop\Rkill.txt
2014-07-10 21:01 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.exe
2014-07-10 21:00 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe
2014-07-10 20:59 - 2014-07-10 20:57 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.com
2014-07-10 20:57 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.com
2014-07-10 20:00 - 2014-07-10 20:00 - 00000000 ____D () C:\Windows\pss
2014-07-10 19:44 - 2014-07-10 19:43 - 00929416 _____ (CNET Download.com) C:\Users\admin\Desktop\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-10 19:43 - 2014-07-10 19:43 - 00929416 _____ (CNET Download.com) C:\Users\admin\Downloads\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-08 20:12 - 2014-07-08 20:14 - 00036020 _____ () C:\Users\admin\Desktop\Addition.txt
2014-07-08 20:00 - 2014-07-20 14:29 - 00015886 _____ () C:\Users\admin\Desktop\FRST.txt
2014-07-08 19:58 - 2014-07-20 14:28 - 00000000 ____D () C:\FRST
2014-07-08 19:56 - 2014-07-20 08:16 - 02089984 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-07-08 19:53 - 2014-07-08 19:53 - 02084352 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-07-08 19:19 - 2014-07-08 19:18 - 01348263 _____ () C:\Users\admin\Desktop\adwcleaner_3.215.exe
2014-07-08 19:18 - 2014-07-08 19:18 - 01348263 _____ () C:\Users\admin\Downloads\adwcleaner_3.215.exe
2014-07-08 19:15 - 2014-07-06 15:54 - 04707328 _____ () C:\Users\admin\Desktop\RogueKiller.exe
2014-07-06 21:04 - 2014-07-12 14:58 - 05218570 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2014-07-06 16:05 - 2014-07-20 09:34 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-07-06 16:04 - 2014-07-06 16:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-06 10:00 - 2014-07-06 11:36 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Luqyva
2014-07-06 09:50 - 2014-07-20 09:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 09:47 - 2014-07-06 09:47 - 00001153 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 09:38 - 2014-07-06 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 09:37 - 2014-07-12 19:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 09:37 - 2014-07-06 09:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 09:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 09:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 08:57 - 2014-07-06 08:57 - 00000000 ____D () C:\found.000
2014-07-05 21:46 - 2014-07-06 07:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Geyhar
2014-07-05 18:07 - 2014-07-05 18:08 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Ikysid
2014-07-05 15:21 - 2014-07-05 18:06 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Suukyw

==================== One Month Modified Files and Folders =======

2014-07-20 14:29 - 2014-07-08 20:00 - 00015886 _____ () C:\Users\admin\Desktop\FRST.txt
2014-07-20 14:29 - 2010-12-18 13:11 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-20 14:28 - 2014-07-08 19:58 - 00000000 ____D () C:\FRST
2014-07-20 14:27 - 2010-12-18 13:11 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-07-20 14:25 - 2014-07-11 22:33 - 00000560 _____ () C:\Windows\setupact.log
2014-07-20 14:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 14:24 - 2014-07-11 22:52 - 00264724 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 13:32 - 2012-04-18 19:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 12:41 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 12:41 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 12:32 - 2014-07-20 12:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-20 12:27 - 2014-07-20 12:28 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\admin\Desktop\TDSSKiller.exe
2014-07-20 12:27 - 2014-07-20 12:27 - 00000000 ____D () C:\Users\admin\Desktop\tdsskiller
2014-07-20 12:08 - 2014-07-20 12:11 - 04161313 _____ () C:\Users\admin\Desktop\tdsskiller.zip
2014-07-20 12:08 - 2014-07-20 12:07 - 04161313 _____ () C:\Users\admin\Downloads\tdsskiller.zip
2014-07-20 10:10 - 2014-07-20 10:10 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieUserList
2014-07-20 10:10 - 2014-07-20 10:10 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieSiteList
2014-07-20 09:53 - 2014-07-06 09:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 09:34 - 2014-07-06 16:05 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-07-20 08:16 - 2014-07-12 13:04 - 00000000 ____D () C:\Users\admin\Desktop\FRST-OlderVersion
2014-07-20 08:16 - 2014-07-08 19:56 - 02089984 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-07-20 08:13 - 2014-07-20 08:13 - 01080320 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2014-07-20 05:21 - 2011-11-06 16:06 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5F8349E-1752-4697-865D-471CF82211BC}
2014-07-15 21:15 - 2014-07-14 21:37 - 00009420 _____ () C:\Users\admin\Desktop\aswMBR.txt
2014-07-15 21:15 - 2014-07-14 21:37 - 00000512 _____ () C:\Users\admin\Desktop\MBR.dat
2014-07-15 20:20 - 2014-07-15 20:20 - 00000773 _____ () C:\Users\admin\Desktop\attach.zip
2014-07-15 20:14 - 2014-07-14 20:30 - 00001190 _____ () C:\Users\admin\Desktop\attach.txt
2014-07-14 20:08 - 2014-07-14 20:26 - 05185536 _____ (AVAST Software) C:\Users\admin\Desktop\aswMBR.exe
2014-07-14 20:08 - 2014-07-14 20:08 - 05185536 _____ (AVAST Software) C:\Users\admin\Downloads\aswMBR.exe
2014-07-14 19:28 - 2014-07-14 20:27 - 00688992 ____R (Swearware) C:\Users\admin\Desktop\dds.com
2014-07-14 19:28 - 2014-07-14 19:28 - 00688992 _____ (Swearware) C:\Users\admin\Downloads\dds.com
2014-07-14 19:26 - 2012-03-18 15:58 - 00000000 ____D () C:\Windows\ERDNT
2014-07-14 19:25 - 2014-07-14 19:25 - 00000956 _____ () C:\Users\admin\Desktop\ERUNT.lnk
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-14 19:25 - 2014-07-14 19:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-14 19:20 - 2014-07-14 19:22 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Desktop\erunt-setup.exe
2014-07-14 19:20 - 2014-07-14 19:20 - 00791393 _____ (Lars Hederer ) C:\Users\admin\Downloads\erunt-setup.exe
2014-07-14 17:52 - 2012-05-06 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-13 15:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 13:11 - 2014-07-13 13:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 11:30 - 2014-07-13 11:29 - 00004158 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b15.log
2014-07-13 11:30 - 2014-01-01 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-13 11:30 - 2013-09-06 18:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-13 11:25 - 2014-07-12 12:56 - 00004802 _____ () C:\Windows\PFRO.log
2014-07-13 11:25 - 2009-07-14 00:45 - 00335184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 11:23 - 2014-05-07 20:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 11:23 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 11:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 11:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-13 10:33 - 2012-04-18 19:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 10:33 - 2012-04-18 19:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-13 10:33 - 2011-05-16 18:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 10:32 - 2014-07-13 10:32 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-13 10:25 - 2013-08-15 00:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 10:08 - 2011-02-03 19:48 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 19:49 - 2014-07-12 19:18 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2014-07-12 19:49 - 2014-07-12 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-12 19:18 - 2014-07-06 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-12 19:12 - 2014-07-12 19:15 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.07.0.1012.exe
2014-07-12 19:12 - 2014-07-12 19:12 - 14349744 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.07.0.1012.exe
2014-07-12 18:54 - 2014-07-10 22:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-12 18:53 - 2014-07-12 18:52 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-12 18:53 - 2014-07-10 22:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-12 15:19 - 2014-07-12 15:09 - 00000000 ____D () C:\ComboFix
2014-07-12 15:18 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-12 14:58 - 2014-07-06 21:04 - 05218570 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2014-07-12 14:52 - 2014-07-12 14:54 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-07-12 14:52 - 2014-07-12 14:53 - 01016261 _____ (Thisisu) C:\Users\admin\Downloads\JRT.exe
2014-07-12 12:59 - 2013-10-15 05:40 - 00000000 ____D () C:\AdwCleaner
2014-07-12 12:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-11 22:33 - 2014-07-11 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-11 22:29 - 2011-11-05 21:12 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-07-11 22:28 - 2009-07-24 13:29 - 00000000 ____D () C:\Windows\Panther
2014-07-11 22:23 - 2014-07-11 22:23 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-11 22:23 - 2014-07-11 22:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-10 22:07 - 2014-07-10 21:46 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-10 21:52 - 2014-07-10 21:52 - 00000000 ____D () C:\SUPERDelete
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da46279b-4a98-420f-933d-ee03bb02b2b1.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000510 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c6675572-512e-43c2-b0cc-dfb9efd7f5e0.job
2014-07-10 21:48 - 2014-07-10 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2014-07-10 21:48 - 2014-07-10 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-10 21:48 - 2014-07-10 21:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-10 21:46 - 2014-07-10 21:46 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-10 21:40 - 2014-07-10 21:44 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Desktop\ccsetup415.exe
2014-07-10 21:40 - 2014-07-10 21:40 - 04812672 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup415.exe
2014-07-10 21:38 - 2014-07-10 21:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Desktop\spybot-2.4.exe
2014-07-10 21:38 - 2014-07-10 21:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\admin\Downloads\spybot-2.4.exe
2014-07-10 21:32 - 2014-07-10 21:43 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Desktop\SUPERAntiSpyware.exe
2014-07-10 21:32 - 2014-07-10 21:32 - 19998520 _____ (SUPERAntiSpyware) C:\Users\admin\Downloads\SUPERAntiSpyware.exe
2014-07-10 21:21 - 2014-07-10 21:01 - 00001420 _____ () C:\Users\admin\Desktop\Rkill.txt
2014-07-10 21:15 - 2014-07-10 21:15 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill64.exe
2014-07-10 21:00 - 2014-07-10 21:01 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.exe
2014-07-10 21:00 - 2014-07-10 21:00 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe
2014-07-10 21:00 - 2014-07-10 20:57 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.com
2014-07-10 20:57 - 2014-07-10 20:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.com
2014-07-10 20:00 - 2014-07-10 20:00 - 00000000 ____D () C:\Windows\pss
2014-07-10 19:43 - 2014-07-10 19:44 - 00929416 _____ (CNET Download.com) C:\Users\admin\Desktop\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-10 19:43 - 2014-07-10 19:43 - 00929416 _____ (CNET Download.com) C:\Users\admin\Downloads\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe
2014-07-08 20:14 - 2014-07-08 20:12 - 00036020 _____ () C:\Users\admin\Desktop\Addition.txt
2014-07-08 19:53 - 2014-07-08 19:53 - 02084352 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2014-07-08 19:18 - 2014-07-08 19:19 - 01348263 _____ () C:\Users\admin\Desktop\adwcleaner_3.215.exe
2014-07-08 19:18 - 2014-07-08 19:18 - 01348263 _____ () C:\Users\admin\Downloads\adwcleaner_3.215.exe
2014-07-08 19:00 - 2013-09-02 06:28 - 00000000 ____D () C:\Users\admin\AppData\Local\Avg2013
2014-07-08 19:00 - 2013-09-02 06:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-08 18:58 - 2013-09-02 06:32 - 00000000 ____D () C:\ProgramData\AVG2013
2014-07-08 18:57 - 2013-09-02 06:32 - 00000000 ____D () C:\$AVG
2014-07-06 18:50 - 2012-03-18 15:57 - 00000000 ____D () C:\Qoobox
2014-07-06 16:05 - 2014-07-06 16:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-06 15:54 - 2014-07-08 19:15 - 04707328 _____ () C:\Users\admin\Desktop\RogueKiller.exe
2014-07-06 11:36 - 2014-07-06 10:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Luqyva
2014-07-06 09:48 - 2012-03-18 10:53 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Malwarebytes
2014-07-06 09:47 - 2014-07-06 09:47 - 00001153 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 09:47 - 2014-07-06 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 09:38 - 2014-07-06 09:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 09:37 - 2012-03-18 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 09:36 - 2013-10-15 05:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-06 08:57 - 2014-07-06 08:57 - 00000000 ____D () C:\found.000
2014-07-06 07:59 - 2010-12-18 13:11 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-07-06 07:59 - 2010-12-18 13:11 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-06 07:55 - 2014-07-05 21:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Geyhar
2014-07-05 18:08 - 2014-07-05 18:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Ikysid
2014-07-05 18:06 - 2014-07-05 15:21 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Suukyw
2014-07-04 18:34 - 2009-07-14 01:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-02 01:29 - 2014-07-13 11:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-02 01:21 - 2014-07-13 11:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-02 01:21 - 2014-07-13 11:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-02 01:20 - 2014-07-13 11:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-29 22:09 - 2014-07-13 10:20 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-13 10:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-20 16:14 - 2014-07-13 10:19 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-13 10:19 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-13 15:19

==================== End Of Log ============================
 
Additions.txt file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by admin at 2014-07-20 14:30:21
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM-x32\...\{FB410000-0002-0000-0000-074957833700}) (Version: 8.02.650.72520 - ABBYY)
AbiWord 2.6.4 (HKLM-x32\...\AbiWord2) (Version: 2.6.4 - AbiSource Developers)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L40 - PFU)
CardMinder V4.1 (x32 Version: 4.1.40.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
ImageMixer 3 SE Ver.6 Transfer Utility (HKLM-x32\...\{3A2AD071-AABD-4712-A43E-11D06BAA661D}) (Version: 6.00.017 - PIXELA)
ImageMixer 3 SE Ver.6 Video Tools (HKLM-x32\...\{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}) (Version: 6.00.018 - PIXELA)
Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.7 - Silicon Motion)
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.37 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office Clip Art (HKLM-x32\...\Office Clip Art) (Version: - Freeze.com, LLC)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.10.00 - )
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version: - ) <==== ATTENTION
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L41 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L30 - PFU)
ScanSnap Organizer (x32 Version: 4.1.30.16 - PFU LIMITED) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0032 - Lenovo)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.41 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}) (Version: 5.9.3.6264 - UPEK Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

13-07-2014 14:01:25 Windows Update
13-07-2014 15:16:22 Windows Update
13-07-2014 15:27:41 Installed Java 7 Update 55
20-07-2014 09:58:45 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-20 09:48 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00879011-1C6F-46F4-8EF5-1961D43957A6} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2010-11-11] ()
Task: {30BE5F54-319E-4AFA-91AD-83FFAD6C7016} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exe
Task: {3EE31928-84CB-4EEE-8427-6050709D6F2D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {50DD057A-13EA-4521-8695-8565F1D50955} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {527983EB-FBA1-4A28-BE2E-A983CED92D07} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {B93B38CC-0033-4039-BCAC-2176D2CFE64B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {D9F957AE-4748-4733-A511-E99E287BBF36} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-01-27] (PC-Doctor, Inc.)
Task: {DF19E8C3-AF3C-4B85-9534-F1898641342F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe [2011-01-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c6675572-512e-43c2-b0cc-dfb9efd7f5e0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task da46279b-4a98-420f-933d-ee03bb02b2b1.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-22 12:52 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2011-11-05 21:12 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-12-18 12:50 - 2010-08-24 14:30 - 00038912 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-03-05 13:21 - 2010-03-05 13:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-29 04:34 - 2010-11-29 04:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-06 21:06 - 2008-11-12 16:32 - 00014848 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2011-04-04 21:00 - 2009-07-21 15:42 - 00364544 ____N () C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\pxl_m17n_tool.dll
2012-03-06 21:03 - 2011-08-31 09:41 - 00376832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2012-03-06 21:03 - 2011-03-16 16:30 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2012-03-06 21:03 - 2003-03-26 19:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2012-03-06 21:03 - 2010-08-24 17:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22741838.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22741838.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 09:34:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000070a
Fault offset: 0x000000000005cf99
Faulting process id: 0x12c8
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (07/20/2014 09:08:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Exception code: 0xc0000005
Fault offset: 0x00000000000587ba
Faulting process id: 0x123c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/20/2014 08:14:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x9c0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/15/2014 08:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0xdf4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/13/2014 00:09:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0xea8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/13/2014 11:41:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17207, time stamp: 0x53a20d78
Faulting module name: Flash64_14_0_0_145.ocx, version: 14.0.0.145, time stamp: 0x53aa2496
Exception code: 0xc0000005
Fault offset: 0x000000000024b92e
Faulting process id: 0x8c8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/12/2014 05:04:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (07/12/2014 03:49:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (07/12/2014 03:49:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (07/12/2014 03:09:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).


System errors:
=============
Error: (07/20/2014 02:26:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 02:26:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/20/2014 02:25:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/20/2014 00:35:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 00:34:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/20/2014 11:58:44 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (07/20/2014 11:43:54 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (07/20/2014 10:19:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2014 10:18:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (07/20/2014 09:52:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/25/2014 01:02:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5840 seconds with 3360 seconds of active time. This session ended with a crash.

Error: (11/18/2012 05:32:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 13819 seconds with 1380 seconds of active time. This session ended with a crash.

Error: (10/07/2012 08:44:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11793 seconds with 8940 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-07-12 15:17:57.418
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-12 15:17:57.372
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-12 15:17:57.325
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-12 15:17:57.278
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-10 20:20:28.346
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-10 20:20:28.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-10 20:20:28.268
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-10 20:20:28.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-06 19:04:00.352
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-07-06 19:04:00.305
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3892.55 MB
Available physical RAM: 2400.2 MB
Total Pagefile: 7783.28 MB
Available Pagefile: 5998.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:395.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C6D19D70)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================


System has been stable and the iexplorer has not started in the background since the last TDSSKiller run (about 2 hours).
 
Proxy Server Query Response

I did not set any proxy server info. I do not know what that means or how to set it. Should I do something about it? If so, how?
 
Download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:
  • Flush DNS
  • Reset IE Proxy Settings
  • List Installed Programs
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
 
Minitoolbox results log

MiniToolBox by Farbar Version: 06-07-2014
Ran by admin (administrator) on 20-07-2014 at 16:30:47
Running from "C:\Users\admin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.


Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
=========================== Installed Programs ============================
ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM-x32\...\{FB410000-0002-0000-0000-074957833700}) (Version: 8.02.650.72520 - ABBYY)
AbiWord 2.6.4 (HKLM-x32\...\AbiWord2) (Version: 2.6.4 - AbiSource Developers)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L40 - PFU)
CardMinder V4.1 (x32 Version: 4.1.40.1 - PFU) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
ImageMixer 3 SE Ver.6 Transfer Utility (HKLM-x32\...\{3A2AD071-AABD-4712-A43E-11D06BAA661D}) (Version: 6.00.017 - PIXELA)
ImageMixer 3 SE Ver.6 Video Tools (HKLM-x32\...\{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}) (Version: 6.00.018 - PIXELA)
Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.7 - Silicon Motion)
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5717.37 - PC-Doctor, Inc.)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office Clip Art (HKLM-x32\...\Office Clip Art) (Version: - Freeze.com, LLC)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.10.00 - )
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L41 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L30 - PFU)
ScanSnap Organizer (x32 Version: 4.1.30.16 - PFU LIMITED) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0032 - Lenovo)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.71 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.41 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}) (Version: 5.9.3.6264 - UPEK Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

**** End of log ****
 
Response to Running Okay Query

System seems to be running okay. Still no iexplorer running in background and has been several hours.

Other stuff seems to be working okay with the exception that there appears to be some problem with email infection. I have received a lot of "bounced" emails that are coming back as undeliverable that I did not send out. But, I am guessing that is a whole new thread?
 
Your not saying what email client is causing that, whatever email is giving you the problem you need to open it and change your password, if its an online email like yahoo or hotmail for example, you may need to close your account and open a new one, let me know what email your using and if changing your password helped
 
Follow-up on email query

Email is a cox.net account. I use Thunderbird as the program.

The problem was in a rarely used sub-account, so I simply closed and deleted it. That has stopped the problem, at least for now.

Thanks.
 
Status
Not open for further replies.
Back
Top